[linux-cifs-client] chmod, chgrp, chown
Martin Koeppe
mkoeppe at gmx.de
Sat Jun 4 19:47:39 GMT 2005
Hello,
addressing TODO's missing feature a) chmod/chgrp/chown,
I found out how SFU/Interix manages these things.
(I concentrated on chmod for now, though)
Overview:
- The normal rwx bits are mapped to Windows File Manager
ACL permissions (and denies)
- The Set bits (chmod 07000) are stored in an Extended Attribute
When doing a chmod on Interix, always the following is done:
- all ACLs are removed and replaced by 3 new ACLs,
one for the windows file owner, one for the POSIX group of the
file owner and one for Everyone (SSID: S-1-1-0)
- the file's READ ONLY attribute is unset
- other attributes (HIDDEN, SYSTEM, ARCHIVE) are not changed
rwx bits
--------
For storing the rwx attributes, explorer's detailed file permissions
are used, they are (in the order they appear in the window):
name mask value
---------------------------------
(FULL) 0x001f01ff
FILE_TRAVERSE 0x00000020
FILE_LIST_DIRECTORY 0x00000001
FILE_READ_ATTRIBUTES 0x00000080
FILE_READ_EA 0x00000008
FILE_ADD_FILE 0x00000002
FILE_ADD_SUBDIRECTORY 0x00000004
FILE_WRITE_ATTRIBUTES 0x00000100
FILE_WRITE_EA 0x00000010
FILE_DELETE_CHILD 0x00000040
DELETE 0x00010000
READ_CONTROL 0x00020000
WRITE_DAC 0x00040000
WRITE_OWNER 0x00080000
SYNCRONIZE 0x00100000
For each of the 3 ACLs (owner, group, everybody)
the following mask is always set:
0x00120088 (SYNCRONIZE | READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES)
To this value the bits for r,w,x are ORed as follows:
r: 0x00000001 (FILE_LIST_DIRECTORY)
w: 0x00000156 (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY |
| FILE_DELETE_CHILD
| FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES)
x: 0x00000020 (FILE_TRAVERSE)
When (group_rwx && ~owner_rwx != 0), e.g. the file has
permission -r--rwx---, then an additional DENY ACL for the owner
is created:
deny_rwx = group_rwx && ~owner_rwx; // == -wx
This is mapped to 0x00000156 + 0x00000020,
and the created deny ACL for the owner is:
owner deny: 0x00000176
The same is for Everyone, if everyone's permissions
are not included in group's or owner's.
For simplification, these DENY ACLs can always be set,
if the resulting mask is 0, then Windows removes the entry.
(At least it does so when using the Explorer.)
set bits
--------
If one of the set bits are to be set,
an Extended Attribute is created/updated:
Name: SETFILEBITS
data: uint32
chmod 01000 gets 0x00020000
chmod 02000 gets 0x00040000
chmod 04000 gets 0x00080000
readíng permissions
-------------------
When reading the permissions for a file, the READ ONLY attribute is
also taken into account: the mask values from the 3 ACLs above are
tried to read, and the file permissions calculated accordingly. If
file's READ ONLY attribute is set, then all w bits are cleared from
the calculation.
I think this should be implementable for linux-cifs in the same way,
when a Windows NT or above server is contacted.
Setting the permissins like that might default to the
mount option "noperm", as the checking can be done by the server.
Martin
More information about the linux-cifs-client
mailing list