Security dialogues from Win9x
Jeremy Allison
jeremy at valinux.com
Fri Aug 3 20:31:33 GMT 2001
Mark at samba.org, Westcott at samba.org wrote:
>
> I am using linux kernel 2.4.4 with the best bits acl patch installed and
> functional. My workstations are all running Windows 95 OSR 2. Now onto the
> problem:
>
> 1) As root, I create a file in windows
>
> results getfacl on linux box:
>
> # file: Test.txt
> # owner: root
> # group: root
> user::rwx
> group::r--
> other:r--
>
> 2) Using the security dialogues, I set 'No access' for a user called p1
>
> # file: Test.txt
> # owner: root
> # group: root
> user::rwx
> user:p1:---
> group::r--
> mask:rwx
> other:r--
>
> 3) Now if I log on as user 'p1', I can use the 'take ownership' button to
> take ownership of the file:
>
> # file: Test.txt
> # owner: p1
> # group: root
> user::rwx
> user:p1:---
> group::r--
> mask:rwx
> other:r--
>
> 4) I can now modify/access the file.
>
> This can't be right? Surely?

This is actually correct w.r.t. POSIX ACLs, as the most
specific match (in this case the user: entry) is used
and all others are ignored.

Can you explain exactly what you think should happen in
this case (my feeling is that the user:p1 entry should be
removed and the user: entry should be changed to user:r--
which is the minimum access granted to the file owner)
but I'm happy to discuss this.

This will need some specific code to handle this in smbd/posix_acls.c

Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
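
The entry selection order behind the behaviour discussed above, as an added example that is not part of the original message and is not Samba's code. It models the POSIX.1e draft access check over the ACLs from the getfacl listings; the `Acl` class, the `check` function and p1's group membership are assumptions made for the illustration.

```python
# Added example: entry selection order of the POSIX.1e draft access check.
from dataclasses import dataclass, field, replace

@dataclass
class Acl:
    owner: str
    group: str
    user_obj: str                                 # "user::" entry
    group_obj: str                                # "group::" entry
    other: str                                    # "other" entry
    mask: str = "rwx"
    users: dict = field(default_factory=dict)     # named "user:NAME:" entries
    groups: dict = field(default_factory=dict)    # named "group:NAME:" entries

def bits(perm):
    """Turn a permission string such as 'r--' into a set of granted bits."""
    return {c for c in perm if c != "-"}

def check(acl, user, user_groups, want):
    """Return (granted, entry_used). The first matching class decides."""
    want = bits(want)
    if user == acl.owner:                         # 1. owner: user:: only, no mask
        return want <= bits(acl.user_obj), "user::"
    if user in acl.users:                         # 2. named user, limited by mask
        return want <= (bits(acl.users[user]) & bits(acl.mask)), f"user:{user}:"
    matched = [("group::", acl.group_obj)] if acl.group in user_groups else []
    matched += [(f"group:{g}:", p) for g, p in acl.groups.items() if g in user_groups]
    if matched:                                   # 3. any matching group entry may grant
        for name, perm in matched:
            if want <= (bits(perm) & bits(acl.mask)):
                return True, name
        return False, matched[0][0]
    return want <= bits(acl.other), "other"       # 4. everyone else

# Constructed from the getfacl listings in the post; p1's group is an assumption.
P1_GROUPS = {"users"}
STEP2 = Acl("root", "root", "rwx", "r--", "r--", "rwx", {"p1": "---"})
STEP3 = replace(STEP2, owner="p1")                # after "take ownership"
# ACL shape floated in the reply: drop user:p1, reduce user:: to r--
SUGGESTED = replace(STEP3, user_obj="r--", users={})

if __name__ == "__main__":
    for label, acl in [("step 2", STEP2), ("step 3", STEP3), ("suggested", SUGGESTED)]:
        print(label, check(acl, "p1", P1_GROUPS, "rw"), check(acl, "p1", P1_GROUPS, "r"))
```

Once p1 owns the file, the check stops at `user::` and never reaches `user:p1:---`, which is why the deny entry only takes effect while someone else is the owner.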