Changing file permissions from a NT box

Cole, Timothy D. timothy_d_cole at md.northgrum.com
Tue Jul 13 14:19:02 GMT 1999 

Unfortunately, I don't think 2.0.4b supports the necessary RPCs to enumerate
users on the local machine, such that the "Add..." dialog won't display.
Have you tried cacls?

Setting the permissions for existing ACEs are a separate issue.
Unfortunately, in 2.0.4b, the permissions that you can set/change are
limited by both the create mask and force mask, which will override even
existing permissions, which is (usually) not what you want.  I can't use CVS
from behind the firewall here, or I'd check to see if anything is in 2.0 CVS
(pre-2.0.5?) now to remedy that.

Here's a patch that fixes the permissions mangling problems at least (n.b.
it's slightly hand-edited) for us here:

diff -u3 -r samba-2.0.4.orig/source/smbd/nttrans.c
samba-2.0.4/source/smbd/nttrans.c
--- samba-2.0.4.orig/source/smbd/nttrans.c	Fri May 14 21:06:39 1999
+++ samba-2.0.4/source/smbd/nttrans.c	Tue Jun  1 14:24:55 1999
@@ -2238,6 +2238,28 @@
               fsp->fsp_name, (unsigned int)user, (unsigned int)grp,
strerror(errno) ));
         return(UNIXERROR(ERRDOS,ERRnoaccess));
       }
+
+      /*
+       * Recheck the current state of the file, which may have changed as a
result of the
+       * chgrp/chmod (suid/sgid bits, for instance)
+       */
+
+      if(fsp->is_directory) {
+        if(dos_stat(fsp->fsp_name, &sbuf) != 0) {
+          return(UNIXERROR(ERRDOS,ERRnoaccess));
+        }
+      } else {
+
+        int ret;
+    
+        if(fsp->fd_ptr == NULL)
+          ret = dos_stat(fsp->fsp_name, &sbuf);
+        else
+          ret = sys_fstat(fsp->fd_ptr->fd, &sbuf);
+    
+        if(ret != 0)
+          return(UNIXERROR(ERRDOS,ERRnoaccess));
+      }
   }
 
   /*
@@ -2249,20 +2271,10 @@
     free_sec_desc(&psd);
-
-    /*
-     * Check to see if we need to change anything.
-     */
-
-    if(fsp->is_directory) {
-
-      perms &= lp_dir_mode(SNUM(conn));
-      perms |= lp_force_dir_mode(SNUM(conn));
-
-    } else {
-
-      perms &= lp_create_mode(SNUM(conn)); 
-      perms |= lp_force_create_mode(SNUM(conn));
-
-    }
+
+    /*
+     * Preserve special bits.
+     */
+
+    perms |= sbuf.st_mode & ~0777;
 
     /*
      * Do we need to chmod ?

> -----Original Message-----
> From:	Peter Wilke [SMTP:pwilke at mgm-edv.de]
> Sent:	Tuesday, July 13, 1999 9:09
> To:	Multiple recipients of list SAMBA-NTDOM
> Subject:	Changing file permissions from a NT box
> 
> Hello,
> 
> for us it ist important to be able to change the unix file permissions
> (mode) from a NT box. So far it is possible to make the permissions
> visible (properties-->security-->permissions). I can change the
> permissions and delete entries in the list but when I say OK and open
> the permission window again, the old permissions appear again.What I
> cannot do at all ist adding somebody. That would be nice when someone
> wants to change the group of that file or directory.
> Hope, somebody can help!
> 
> Peter Wilke

More information about the samba-ntdom mailing list