[Samba] dos filemode (security concern)

Ralf Gross Ralf-Lists at ralfgross.de
Fri Feb 29 10:26:48 GMT 2008


Ralf Gross schrieb:
> 
> I've a question about the 'dos filemode' option (samba 3.0.24, debian etch). I
> want to use this option to allow group members with write access to add/change
> permissions.
> 
> man smb.conf:
> 
> dos filemode (S)
> only the owner of a file/directory is able to change the permissions on it.
> However, this behavior is often confusing to DOS/Windows users. Enabling
> this parameter allows a user who has write access to the file (by whatever
> means) to modify the permissions (including ACL) on it. Note that a user
> belonging to the group owning the file will not be allowed to change
> permissions if the group is only granted read access. Ownership of the
> file/directory may also be changed.
> 
> 
> I am member of the group users, but I've no write access to the directory. So
> I'd think that I'm not allowed to add users or change permissions. But this is
> not true here.
[...]

This is starting to be a real problem here...

The 'dos filemode' option is not working as described in the man page.
At least not for me.

Following the man page, a user with write permissions should be able to
change permissions. But that's not what I observe here.

- the owning group is always able to change the permissions, even if I
  remove all permissions for this group (group::---).

- other users with write access are not allowed to change permissions
  (either with direct rwx permissions or as member of a group with rwx
  perms)

example directory:

# file: test
# owner: ralfgro
# group: test-admin
user::rwx
user:rg:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::---

-> members of group test-admin can change permissions
-> members of group erv can't change permissions
-> user rg can't change permissions


the config (I've used different options, but this didn't change the behavior):

[testshare]
        printable = no
        comment = Testshare
        browseable = no
        writable = yes

        dos filemode = yes
        store dos attributes = yes
        ea support = yes
        #inherit permissions = yes
        inherit acls = Yes
        #acl map full control = False
        map acl inherit = Yes
        map archive = no
        map hidden = no
        map system = no
        map readonly = no
        path = /server/projekte/test/testshare


Is anyone successfully using the 'dos filemode' option as documented in the man page?


The goal would be:

A share where members of different groups can set permissions on different directories.


eg:

Share Test:

test/        <-- access for all group members of group erv
    /A       <-- access only for a couple of users, maybe an extra group
    /B       <-- access for some other users, maybe an extra group


Users that have write access to A should be able to grant other users access.
The same for B.

atm: if directory A is created by user ralfgro, who for example has primary
group erv, he and all members of group erv can change permissions, and there is
no way (from Windows) to change the owning group. And even if ralfgro adds
another group or user with rwx permissions, none of them can change the permissions.

To avoid the problem with the owning group I tried using the gid bit and set
the owning group to an empty group with no members. But still no other user with
rwx access can change permissions.


How do other people solve this problem?

Ralf
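Added example (not part of Ralf's post and not Samba's own code): a small Python model of the POSIX.1e ACL access check, combined with the rule the smb.conf man page states for 'dos filemode' (the owner may always change permissions; with the option on, anyone with write access "by whatever means" may too). It is run against the getfacl listing quoted in the post, so the predicted outcome per principal can be compared with what was observed there. The users rg, alice and bob and their group memberships are constructed sample data; only the ACL text comes from the post.

```python
"""Predict who may change permissions under Samba's 'dos filemode' rule.

Added example for the thread above, not Samba's own code. It models the
POSIX.1e ACL access check and applies the smb.conf man page wording.
Principals and group memberships are constructed; the ACL text is the
listing from the post.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# ACL listing as posted (getfacl output for directory 'test')
ACL_TEXT = """\
# file: test
# owner: ralfgro
# group: test-admin
user::rwx
user:rg:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::---
"""

# Constructed sample principals: who belongs to which groups
MEMBERSHIP: Dict[str, Set[str]] = {
    "ralfgro": {"erv"},       # owner of the directory
    "rg": {"erv"},            # has the named entry user:rg:rwx
    "alice": {"test-admin"},  # member of the owning group (group::---)
    "bob": {"erv"},           # matches no entry, falls through to other::---
}


@dataclass
class Acl:
    owner: str = ""
    group: str = ""
    user_obj: str = ""          # user:: entry
    group_obj: str = ""         # group:: entry
    other: str = ""             # other:: entry
    mask: Optional[str] = None  # mask:: entry, if any
    users: Dict[str, str] = field(default_factory=dict)   # user:NAME: entries
    groups: Dict[str, str] = field(default_factory=dict)  # group:NAME: entries


def parse_getfacl(text: str) -> Acl:
    """Parse the access ACL from getfacl output; default: entries are ignored."""
    acl = Acl()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("# file:") or line.startswith("default:"):
            continue
        if line.startswith("# owner:"):
            acl.owner = line.split(":", 1)[1].strip()
            continue
        if line.startswith("# group:"):
            acl.group = line.split(":", 1)[1].strip()
            continue
        tag, qualifier, perms = line.split(":")
        if tag == "user" and qualifier:
            acl.users[qualifier] = perms
        elif tag == "user":
            acl.user_obj = perms
        elif tag == "group" and qualifier:
            acl.groups[qualifier] = perms
        elif tag == "group":
            acl.group_obj = perms
        elif tag == "mask":
            acl.mask = perms
        elif tag == "other":
            acl.other = perms
    return acl


def _masked(perms: str, mask: Optional[str]) -> str:
    """Named-user and all group entries are limited by the mask entry."""
    return perms if mask is None else "".join(p for p in perms if p in mask)


def posix_acl_allows(acl: Acl, user: str, groups: Set[str], bit: str) -> bool:
    """POSIX.1e order: owner, named user, owning/named groups, other.
    If any group entry matches the caller, access is decided by the group
    entries alone: granted if one of them carries the bit, else denied."""
    if user == acl.owner:
        return bit in acl.user_obj
    if user in acl.users:
        return bit in _masked(acl.users[user], acl.mask)
    candidates = [acl.group_obj] if acl.group in groups else []
    candidates += [p for g, p in acl.groups.items() if g in groups]
    if candidates:
        return any(bit in _masked(p, acl.mask) for p in candidates)
    return bit in acl.other


def may_change_permissions(acl: Acl, user: str, groups: Set[str],
                           dos_filemode: bool = True) -> bool:
    """What the man page text predicts for a chmod/ACL change by `user`."""
    if user == acl.owner:
        return True         # the owner may always change permissions
    if not dos_filemode:
        return False        # default behaviour: only the owner may
    return posix_acl_allows(acl, user, groups, "w")


def predict_all(acl_text: str = ACL_TEXT,
                membership: Dict[str, Set[str]] = MEMBERSHIP) -> Dict[str, bool]:
    """Map each sample principal to the documented prediction."""
    acl = parse_getfacl(acl_text)
    return {u: may_change_permissions(acl, u, gs) for u, gs in membership.items()}
```

Running `predict_all()` on the posted ACL gives ralfgro and rg allowed, alice (owning group, `group::---`) and bob (`other::---`) denied. That is the opposite of the two outcomes reported in the post for test-admin members and for rg, which makes the discrepancy with the man page concrete; the model does not explain it, it only states what the documentation would lead one to expect.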
