File Permission Suggestion
Tristan Ball
tristanb at vsl.com.au
Thu Aug 9 23:44:47 GMT 2001
>
>
>Of a related note, the READONLY dos attribute can not be implemented
>on SAMBA to work the same way as on NT.
>
>You can allow a client to set a file READONLY, but not to clear it.
>Why?
>
>Because you do not know if the user intended to grant write access to
>only themselves or the group and world.
>
I'm not sure that this is quite true. To a windows user, whether or not
a file is read only is entirely seperate from ACL permissions. A user
setting a file read only will expect it to be read only regardless of
any write access provided by ACL's. Conversely, clearing the read only
bit should allow write access as specified by the acl's or normal
permissions. This is essentually the same functionality as provided by
ext2's immutable flag. Under pc clients, the read only bit really isn't
a security feature tho, it's more of an advisory warning.
We use read only as an informal document control mechanisim. When a
document is released, it's marked as read only. That doesn't stop people
clearing the read only bit, but everyone here knows what it means. It
also means that if a released document does need to be edited, the users
can clear the readonly, but they will only have write access if the
permissions allow it.
The problem really boils down to under samba, we try and emulate a
non-security feature from the security of the file, which is never going
to be perfect. (I'm not critisising, I know why the current scheme was
chosen) For our environment, having the read only bit map to say the t
bit would be more usefull. The clients are all windows, so I don't have
to worry about unix access to the files, and because read only is then
seperate from the permissions, windows clients would get the expected
behaviour. Possibly a config option to change how the readonly bit is
presented would be a good idea.
I may have just motivated myself into a patch :-)
T.
More information about the samba-technical
mailing list