mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
vfs_acl_common.c: prefer capabilities over become_root
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
This commit is contained in:
parent
06e5c1e32e
commit
12734848dc
@ -761,9 +761,9 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp,
|
||||
|
||||
/* Ok, we failed to chown and we have
|
||||
SEC_STD_WRITE_OWNER access - override. */
|
||||
become_root();
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
|
||||
unbecome_root();
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
|
||||
return status;
|
||||
}
|
||||
@ -1069,7 +1069,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
|
||||
goto out;
|
||||
}
|
||||
|
||||
become_root();
|
||||
set_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
if (is_directory) {
|
||||
ret = SMB_VFS_NEXT_UNLINKAT(handle,
|
||||
dirfsp,
|
||||
@ -1081,7 +1081,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
|
||||
smb_fname,
|
||||
0);
|
||||
}
|
||||
unbecome_root();
|
||||
drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
|
||||
|
||||
if (ret == -1) {
|
||||
saved_errno = errno;
|
||||
|
Loading…
Reference in New Issue
Block a user