Project

General

Profile

Feature #33645

Add ability to stop winmsa from changing owner

Added by Andrew Walker 11 months ago. Updated 8 months ago.

Status:
Done
Priority:
No priority
Assignee:
Andrew Walker
Category:
Services
Target version:
Estimated time:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Description

Two reasons for this:
(A) there are times when user may want to preserve file ownership, but have file re-ACLed.

(B)
It was observed on a call where winmsa's chown operation, which operated according to design, resulted in unintended permissions change across directory that was moved.

Process:
0) User may have had a windows configuration that transferred security attributes from source to destination.
1) User created a dir (thus becoming owner). New directory inherited permissions from parent directory.
2) User then moved another directory into the newly created one.

Result:
Winmsa properly pushed the parent directory's ACL, but then windows client re-applied the source directory's ACL immediately after move completed (seen in pcap and log.smbd). These ACL operations succeeded despite the user not having explicit permissions to change the ACL because he was the owner of all the files in question. Turning off chown may help limit the impact of misconfigured clients.

History

#1 Updated by Andrew Walker 11 months ago

#2 Updated by Andrew Walker 11 months ago

  • Subject changed from make winmsa chown configurable to make chown in winmsa vfs module configurable

#3 Updated by Dru Lavigne 11 months ago

  • Status changed from Unscreened to In Progress
  • Assignee changed from Release Council to Andrew Walker
  • Target version changed from Backlog to 11.2-BETA1

#4 Updated by Dru Lavigne 11 months ago

  • Target version changed from 11.2-BETA1 to 11.2-RC2

#5 Updated by Dru Lavigne 9 months ago

  • Target version changed from 11.2-RC2 to 11.2-BETA3

#6 Updated by Alexander Motin 9 months ago

  • Category changed from OS to Services

#7 Updated by John Hixson 9 months ago

The default should be to chown. It can be disabled if configured to do so.

#8 Updated by John Hixson 9 months ago

  • Status changed from In Progress to Ready for Testing

Merged.

#9 Updated by Dru Lavigne 9 months ago

  • Subject changed from make chown in winmsa vfs module configurable to Add ability to stop winmsa from changing owner
  • Target version changed from 11.2-BETA3 to 11.2-BETA2
  • Needs Merging changed from Yes to No

#11 Updated by Dru Lavigne 9 months ago

  • Needs Doc changed from Yes to No

#12 Updated by Dru Lavigne 9 months ago

  • Status changed from Ready for Testing to In Progress
  • Target version changed from 11.2-BETA2 to 11.1-U6

#13 Updated by Dru Lavigne 9 months ago

  • Status changed from In Progress to Ready for Testing

#14 Updated by Bonnie Follweiler 8 months ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

Test Passed in FreeNAS 11.1-U6 Internal 6

#15 Updated by Dru Lavigne 8 months ago

  • Status changed from Passed Testing to Done

Also available in: Atom PDF