merged into cifs-2.6.git for-next pending review and more testing Ronnie, Maybe we should add a small test for create file with modefromsid, chmod the file, and then getcifsacl? On Sun, Feb 13, 2022 at 4:41 PM Ronnie Sahlberg <lsahlber@xxxxxxxxxx> wrote: > > When we create a file with modefromsids we set an ACL that > has one ACE for the magic modefromsid as well as a second ACE that > grants full access to all authenticated users. > > When later we chante the mode on the file we strip away this, and other, > ACE for authenticated users in set_chmod_dacl() and then just add back/update > the modefromsid ACE. > Thus leaving the file with a single ACE that is for the mode and no ACE > to grant any user any rights to access the file. > Fix this by always adding back also the modefromsid ACE so that we do not > drop the rights to access the file. > > Signed-off-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx> > --- > fs/cifs/cifsacl.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c > index ee3aab3dd4ac..40cda87ce384 100644 > --- a/fs/cifs/cifsacl.c > +++ b/fs/cifs/cifsacl.c > @@ -949,6 +949,9 @@ static void populate_new_aces(char *nacl_base, > pnntace = (struct cifs_ace *) (nacl_base + nsize); > nsize += setup_special_mode_ACE(pnntace, nmode); > num_aces++; > + pnntace = (struct cifs_ace *) (nacl_base + nsize); > + nsize += setup_authusers_ACE(pnntace); > + num_aces++; > goto set_size; > } > > @@ -1613,7 +1616,7 @@ id_mode_to_cifs_acl(struct inode *inode, const char *path, __u64 *pnmode, > nsecdesclen = secdesclen; > if (pnmode && *pnmode != NO_CHANGE_64) { /* chmod */ > if (mode_from_sid) > - nsecdesclen += sizeof(struct cifs_ace); > + nsecdesclen += 2 * sizeof(struct cifs_ace); > else /* cifsacl */ > nsecdesclen += 5 * sizeof(struct cifs_ace); > } else { /* chown */ > -- > 2.30.2 > -- Thanks, Steve