From dbc9acf637397766fa663358424af5342c628d5e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 24 Nov 2008 15:29:17 -0800
Subject: [PATCH] Fix bug #5873 - ACL inheritance cannot be broken. This
 regresses #4308, but that will have to be fixed another way. Jeremy.

---
 source/smbd/posix_acls.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index b4f8ad58521..09165e7d7b9 100644
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -3221,6 +3221,9 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid)
 	return ret;
 }
 
+#if 0
+/* Disable this - prevents ACL inheritance from the ACL editor. JRA. */
+
 /****************************************************************************
  Take care of parent ACL inheritance.
 ****************************************************************************/
@@ -3413,6 +3416,7 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
 	*pp_new_sd = psd;
 	return status;
 }
+#endif
 
 /****************************************************************************
  Reply to set a security descriptor on an fsp. security_info_sent is the
@@ -3525,6 +3529,9 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 
 	create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid);
 
+#if 0
+	/* Disable this - prevents ACL inheritance from the ACL editor. JRA. */
+
 	/* See here: http://www.codeproject.com/KB/winsdk/accessctrl2.aspx
  	 * for details and also the log trace in bug #4308. JRA.
  	 */
@@ -3540,6 +3547,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 			return status;
 		}
 	}
+#endif
 
 	acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid,
 					&file_ace_list, &dir_ace_list, security_info_sent, psd);
-- 
2.11.4.GIT