[cifs-protocol] SMB2: Setting file permissions from client

Jeremy Allison jra at samba.org
Thu Mar 5 19:28:54 UTC 2020

On Thu, Mar 05, 2020 at 11:44:03AM +0000, aidan.wyatt via cifs-protocol wrote:
> Hello,
> First I'd like to apologize if this the incorrect mailing list for such a question, it seemed the most appropriate for technical questions regarding the protocol.
> I'm writing a file explorer that can also do SMB 2.1. Everything is working great except one thing: I'm unable to set file permissions after creating those files from the client. Reading the documentation it was my understanding this is a job for GetInfo/SetInfo with SMB2_0_INFO_SECURITY. Query the sids/dacl with GetInfo, then set the mode bits with SetInfo for that DACL. With specific reserved SIDS for chmod like behavior (Judging by the apple smb client source and the linux cifs client).
> After several attempts I managed to get samba (running on ubuntu 18.04) to reply back with the DACL info which I used to build a SetInfo packet with my desired permissions. Samba replied to it with STATUS_SUCCESS but nothing actually happened, the permissions didn't take. Everyone can read, but nobody expect the owner can write. For completion's sake I tried the same versus a window 10 share with similar results. OSX replied to my GetInfo with status_not_supported.
> Can someone shed some light on how an smb client would actually go about changing file permissions? A packet capture would also be immensely helpful. From the documentation I would have expected the above to work so this points to either a severe gap in my understanding or perhaps a setting on the smb share overwriting whatever I'm doing. I have not edited the smb.conf file except for adding a share and allowing guest users.

Look at the code in:


specifically set_secdesc() and the functions
it calls. Are you writing your own smb2 client
code ? That's a *big* job.

If LGPLv2.1+ license works for you, you might
want to look at:

git clone git://git.samba.org/libsmb2.git


More information about the cifs-protocol mailing list