Honouring eXecute permissions on NT?

Jeremy Allison jeremy at valinux.com
Sat Nov 4 21:07:55 GMT 2000

On Sat, Nov 04, 2000 at 08:03:14PM +0000, Martin Radford wrote:
> Neither was implementing an open-source SMB server, but the Samba team
> did it.  Seriously, though, this functionality is implemented by NT
> systems, presumably through one or more SMB calls which return the
> permissions set on a file or directory.  Armed with this knowledge, it
> should be fairly straightforward (although possibly time-consuming,
> depending on the number of calls involved) to add this functionality
> to Samba.  If the Samba team feel this is important, they may well
> implement it themselves; if they don't, then someone who does want it
> will need to do it.  I'm willing to at least take a look at it, but
> with little knowledge of how the code fits together it won't be easy
> for me.  If someone can suggest where I need to look, then it'll be
> easier.

Ok - the key to this should be that NT will open the
file with an NTCreate call - this is handled in smbd/nttrans.c.

If opening for execute, check that the "desired_access" mode
includes the flag "FILE_EXECUTE". If so, in the NTcreate
code do a check on the current UNIX permissions to see if
the 'x' bit is set for the requisite account (user/group/other)
that the incoming user would use and then deny the open if
the 'x' bit is not set.

The code you need to modify should be fairly simple and
should be commented well enough for you to do this. If it
isn't that's a bug and please tell me about it.

That should do it - it's an interesting problem but not
one I can concentrate on right now as I'm still working
on 2.2.0alpha showstopper issues.

Hope this helps,

		Jeremy Allison,
		Samba Team.

Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-ntdom mailing list