A customer environment has ACLs containing python bytestring representations in UCS@school (UCS4.4): univentionShareSambaBaseDirAppendACL: (D;OICI;WOWD;;;*b'*S-1-5-21-1445483585-882151808-2549572616-11235*'*) univentionShareSambaBaseDirAppendACL: (A;OICI;0x001f01ff;;;*b'*S-1-5-21-1445483585-882151808-2549572616-11233*'*) univentionShareSambaBaseDirAppendACL: (A;OICI;0x001f01ff;;;*b'*S-1-5-21-1445483585-882151808-2549572616-12591*'*) The origin seems to be the KELVIN API which is executed with Python 3 but partly the Python 2 code of UCS@school 4.4.
MR: https://git.knut.univention.de/univention/components/ucsschool-kelvin-rest-api/-/merge_requests/20
Thanks for the MR! We also need to write a script to be called in the Kelvin Apps join script ("inst"), that fixes existing univentionShareSambaBaseDirAppendACL entries.
(In reply to Daniel Tröder from comment #2) > We also need to write a script to be called in the Kelvin Apps join script > ("inst"), that fixes existing univentionShareSambaBaseDirAppendACL entries. ucs-school-metapackage/set_nt_acl_on_shares did wrote the ACL initially
Kelvin 1.6.0 was released last week and everything as been merged to the branch release160 as well as main (for later releases). Next to the fix I wrote the script fix_nt_acl_on_shares, which fixes existing shares. It is automatically executed in the joinscript. Existing custom NT ACL, which are written are preserved. It can also be executed (on the host, not inside the docker container) by running $ /var/lib/univention-appcenter/apps/ucsschool-kelvin-rest-api/data/scripts/fix_nt_acl_on_shares $ univention-directory-listener-ctrl resync samba-shares
Was released.