From 12734848dc9901b932644139aaa7e3f78e55c8dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Fri, 17 Jun 2022 07:25:08 +0200 Subject: [PATCH] vfs_acl_common.c: prefer capabilities over become_root Signed-off-by: Bjoern Jacke Reviewed-by: Christof Schmitt --- source3/modules/vfs_acl_common.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index daad612e565..692e776d10c 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -761,9 +761,9 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp, /* Ok, we failed to chown and we have SEC_STD_WRITE_OWNER access - override. */ - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); return status; } @@ -1069,7 +1069,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle, goto out; } - become_root(); + set_effective_capability(DAC_OVERRIDE_CAPABILITY); if (is_directory) { ret = SMB_VFS_NEXT_UNLINKAT(handle, dirfsp, @@ -1081,7 +1081,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle, smb_fname, 0); } - unbecome_root(); + drop_effective_capability(DAC_OVERRIDE_CAPABILITY); if (ret == -1) { saved_errno = errno;