[linux-cifs-client] Re: Unable to create new file on windows 2000

Steve French smfltc at us.ibm.com
Fri Jan 30 20:48:01 GMT 2004


You are correct but it looks at first glance like very odd CIFS server
design. Just did some experiments here and found the main difference.  
CIFS VFS uses the more modern "NTCreateX" SMB to open files (this is not
a particulary new protocol request, and has been around a long time). 
smbfs uses the very old DOS era "SMBcreate" which is legal but obsolete.

NTCreateX allows many options on open - but the important one is
probably that I am requesting "GENERIC_ALL" permission on the file
handle, while presumably the legacy SMBcreate is mapped on the server
side to something closer to the equivalent of NTCreateX with request for
GENERIC_WRITE | GENERIC_READ which would give more limited permissions
for the app when using the file handle.  The trade off is when the app
would fail - at open time (cifs vfs) or later (smbfs).   

I will try some experiments to see whether Windows servers will accept
"GENERIC_READ | GENERIC_WRITE" as a substitute for "GENERIC_ALL) and
prevent access denied on create for cases like this by in effect
lowering the requested permissions at create time.   Both smbfs and cifs
vfs will both open existing files similarly - and this odd Windows
server feature only seems to affect behavior of creates when share
permissions are altered (not the more common NTFS permissions)

> How do the acl settings differ when using smbfs as opposed to cifs? When
> I mount the same share using smbfs I do not see the same behaviour i.e.
> I can create new files without having to have full control over the share.
> 
> The change in permissions is done to the network share rather than on
> the ntfs settings i.e. when using cifs we set full control on the
> network share whilst the ntfs acls deny full control.
> 
> Cheers,
> Ian




More information about the linux-cifs-client mailing list