[Bug 1886548] Re: setcifsacl: fix adding ACE when owner sid in unexpected location

Thu Jul 9 09:35:50 UTC 2020

So I understand running `setcifsacl -a
‘ACL:MYDOMAIN\domuser:DENIED/0x0/FULL’ /mnt/test/abc` on a mounted cifs,
while on an affected system? I assume it is easy to do with Azure file
shares, but I'd also appreciate a bit more details about the testing
needed to be done for verification. Could you update the description to
include that missing information?

Anyway, this upload looks fine so I will approve it.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cifs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1886548

Title:
  setcifsacl: fix adding ACE when owner sid in unexpected location

Status in cifs-utils package in Ubuntu:
  Fix Released
Status in cifs-utils source package in Bionic:
  Fix Committed
Status in cifs-utils source package in Focal:
  Fix Released
Status in cifs-utils source package in Groovy:
  Fix Released

Bug description:
  For Bionic release, current cifs-utils package version is 6.8-1. This
  version is missing an ACL tools fix that is needed for Azure xSMB.

  Commit in question which needs to be backported:
  0feb1a80f3777f4c244b46958aa9f730de9e18b6 setcifsacl: fix adding ACE
  when owner sid in unexpected location

  [Impact]

   * The bug shows up with mounted cifs/smb filesystem, when a user
  tries to modify the DACL for the files/directories in the mount. If
  the owner/group ACEs do not appear first in the DACL (happens quite
  easily with Azure file shares). The setcifsacl command in cifs-utils
  fails in that case:

  $ setcifsacl -a ‘ACL:MYDOMAIN\domuser:DENIED/0x0/FULL’ /mnt/test/abc
  main: setxattr error: Invalid argument

   * With the fix available in commit
  0feb1a80f3777f4c244b46958aa9f730de9e18b6, the above error is not
  returned, and the command works.

  [Regression potential]

  The fix has been created by Microsoft and approved by cifs-utils
  upstream maintainers.

  The fix has been tested in ubuntu (a test package I have built in a
  ppa) pre-SRU by Microsoft/Azure themselves, and they confirm
  everything is working as expected with this fix using the test case
  above.

  The fix is found in Ubuntu with Eoan and onwards.

  [Other information]

  # Upstream commit:
  https://git.samba.org/?p=cifs-utils.git;a=commit;h=0feb1a80f3777f4c244b46958aa9f730de9e18b6

  # git describe --contains 0feb1a80f3777f4c244b46958aa9f730de9e18b6
  cifs-utils-6.9~14

  # rmadison
   => cifs-utils | 2:6.8-1       | bionic
   cifs-utils    | 2:6.9-1          | focal
   cifs-utils    | 2:6.10-0ubuntu1  | groovy          |

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1886548/+subscriptions