Updates the onefs vfs module to add configurable behavior to deal
with sids that are unknown to us. The best examples are aces that
come from robocopy/xcopy.

Adds the following share level options (which are specific to the vfs_onefs
module):

onefs: ignore unmappable sids (Default = false)
    If this option is set to true, sids which could not be resolved to
    a uid/gid are ignored. If an unmappable sid is encountered as the owner
    or group, the owner/group is converted to BUILTIN\Administrators.
onefs: unmappable sids ignore list (Default = empty)
    Only the sids in the list are ignored.
onefs: ignore sacls (Default = false)
    SACLs are ignored.
onefs: unmappable sids deny everyone (Default = false)
    If an unmappable sid is found in a deny ACE, the ACE's identity is
    changed to Everyone.

Simo is completely correct. We should be doing the chown *first*, and fail the
ACL set if this fails. The long-standing assumption I made when writing the
initial POSIX ACL code was that Windows didn't control who could chown a file
in the same way as POSIX. In POSIX only root can do this whereas I wasn't sure
who could do this in Windows at the time (I didn't understand the privilege
model). So the assumption was that setting the ACL was more important (early
tests showed many failed ACL sets due to inability to chown). But now we have
privileges in smbd, and we must always fail an ACL set when we can't chown
first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL
incoming are relative to the *new* owner, not the old one. This is why the old
user owner disappears on ACL set - their access was set via the USER_OBJ in the
creator POSIX ACL and when the ownership changes they lose their access.

Patch is simple - just ensure we do the chown first before evaluating the
incoming ACL re-read the owners. We already have code to do this, it just wasn't
rigorously being applied.

Jeremy.

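The ordering problem described in the message above, as a small C model added here for illustration (it is not Samba code and not part of the commit). The types, `map_acl`, `model_chown`, the uids and the root-only chown rule are hypothetical, and the rule that an incoming ACE naming the current owner is stored as USER_OBJ is a simplifying assumption.

```c
#include <stdio.h>
/* Toy model, constructed for illustration; none of this is Samba code. */
enum tag { USER_OBJ, USER };                 /* two POSIX ACL tag types */
struct entry { enum tag tag; int uid, perms; };
struct file  { int owner, n; struct entry acl[4]; };
struct ace   { int uid, perms; };            /* incoming allow ACE */
/* Assumption: an incoming ACE naming the file's current owner becomes USER_OBJ. */
static void map_acl(struct file *f, const struct ace *in, int n) {
    f->n = 0;
    for (int i = 0; i < n && i < 4; i++)
        f->acl[f->n++] = (struct entry){ in[i].uid == f->owner ? USER_OBJ : USER,
                                         in[i].uid, in[i].perms };
}

/* Assumed privilege rule for the model: only uid 0 may change ownership. */
static int model_chown(struct file *f, int caller, int new_owner) {
    if (caller != 0) return -1;
    f->owner = new_owner;
    return 0;
}

/* USER_OBJ grants its bits to whoever owns the file at check time. */
int access_of(const struct file *f, int uid) {
    for (int i = 0; i < f->n; i++)
        if (f->acl[i].tag == USER_OBJ ? uid == f->owner : uid == f->acl[i].uid)
            return f->acl[i].perms;
    return 0;
}

/* Ordering the message calls wrong: ACL evaluated against the old owner. */
void acl_then_chown(struct file *f, int caller, int owner, const struct ace *in, int n) {
    map_acl(f, in, n);
    model_chown(f, caller, owner);           /* result ignored */
}

/* Ordering the message asks for: chown first, fail the whole set if it fails. */
int chown_then_acl(struct file *f, int caller, int owner, const struct ace *in, int n) {
    if (model_chown(f, caller, owner) != 0) return -1;
    map_acl(f, in, n);                       /* owner re-read after the chown */
    return 0;
}

int main(void) {
    const struct ace in[] = { {1000, 6}, {1001, 4} };  /* constructed: old owner rw, new owner r */
    struct file a = { 1000, 0, {{0}} }, b = a;
    acl_then_chown(&a, 0, 1001, in, 2);
    chown_then_acl(&b, 0, 1001, in, 2);
    printf("old owner's access: %d (ACL first) vs %d (chown first)\n",
           access_of(&a, 1000), access_of(&b, 1000));
}
```
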
Because we still want to commit any changes that successfully apply we
never want to do a global cancel, and because of how transaction nesting
works that means we never cancel any "transaction" at the single modify
operation level.
Let each operation start its own transaction so that the transaction is
properly canceled if any error is returned and half committed operations
(though plugins failing) are properly reverted on a per operation basis.