IBM Support

IJ55167: INCORRECT PERMISSIONS ON FILES CREATED VIA WINDOWS SMB

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • IBM has identified potential security leak or data access loss
issue for files created from SMB clients. The issue may appear
when SMB clients create files in folders that use ACL
inheritance to change ACLs (additional access to groups, reduced
access to a users primary group) from the default access mask.

Local fix

  • 



Problem summary


    

  • IBM has identified potential security leak or data access loss
issue for files created from SMB clients. The issue may appear
when SMB clients create files in folders that use ACL
inheritance to change ACLs (additional access to groups, reduced

access to a users primary group) from the default access mask.

    



Problem conclusion


    

  • This problem is fixed in 5.2.3.2
To see all Spectrum Scale APARs and their respective
Fix solutions refer to page: 
https://public.dhe.ibm.com/storage/spectrumscale/spectrum_scale
_apars.html

Benefits of the solution:
The suggested fix will restore the ACL functionality with
inheritance. New files generated with the solution in place will

show the expected ACL derrived from ACL inheritance
settings.Files that were created with the problem code and have
unexpected ACL will need to be repaired in a second step.

Work Around:
None

Problem trigger:
File creation via SMB protocol in folders with ACL inheritance

Symptom:
incorrect ACL written

Platforms affected:
Linux Only

Functional Area affected:
CES SMB

Customer Impact:
High Importance

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ55167
    • 

  • Reported component name
    SPEC SCALE STD
    • 

  • Reported component ID
    5737F33AP
    • 

  • Reported release
    523
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2025-06-30
    • 

  • Closed date
    2025-07-02
    • 

  • Last modified date
    2025-07-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SPEC SCALE STD
    • 

  • Fixed component ID
    5737F33AP
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"STXKQY"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"523","Line of Business":{"code":"LOB69","label":"Storage TPS"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 July 2025
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback