[Samba] Setuid bit always set on Vista mount
Jeff Layton
jlayton at samba.org
Mon Feb 15 11:10:21 MST 2010
On Fri, 12 Feb 2010 14:39:05 -0800
"Robert Edgar" <bob at drive5.com> wrote:
> Files on my Vista mount always have the S mode (setgid bit?) set according
> to ls -l. This is a security hole and causes other problems. I can't clear
> the bit with chmod; in fact the results of doing chmod don't make any sense
> to me (I'll be glad to provide examples). Typical files show as -rwxrwSrwx,
> though not all. The smb.conf file has create mask 0666 and directory mask
> 0777 various places. I inherited this smb.conf so am reluctant to mess with
> it since I don't know what I'm doing.
> Thanks for any advice.
> Robert.
>
>
I assuming this is using Linux CIFS? Older Linux CIFS versions set the
file_mode to 02767. That has the setgid bit set, but the group execute
bit is cleared. That's not really a security issue -- that combination
is supposed to signal to the kernel that it should enforce mandatory
locking.
The problem though is that we don't really want or need the kernel to
enforce that. Thus, more recent Linux kernel versions set the mode to
something a bit more sane (0755, IIRC). You can override that on the
one you're running by setting the file_mode= mount option (see the
mount.cifs manpage).
--
Jeff Layton <jlayton at samba.org>
More information about the samba
mailing list