No subject
Tue Dec 2 02:23:37 GMT 2003
This is not a samba-issue, it's defined behavior under *NIX:

Delete access under UNIX requires w(rite) access to the directory which the
file is placed in, i.e. your WORLD-writeable directory is the reason for this.

From http://www.linuxdoc.org/HOWTO/Security-HOWTO-5.html:

Permissions - Bits capable of being set or reset to allow certain types of
access to it. Permissions for directories may have a different meaning
than the same set of permissions on files.

Read:
  To be able to view contents of a file
  To be able to read a directory

Write:
  To be able to add to or change a file
  To be able to delete or move files in a directory

Execute:
  To be able to run a binary program or shell script
  To be able to search in a directory, combined with read permission

I would recommend that those of you who are unsure about UNIX security read
this HOWTO, as it explains the complexity of security on UNIX
(not that other OS's are less complex, you just don't get to see all of
it..)

--Anders

Tobias Manthey <tmanthey at gmx.de>
Sent by: samba-ntdom-admin at us4.samba.org
09/23/2000 05:58 PM
To: samba-ntdom at us4.samba.org
cc:
Subject: Samba TNG-2.6: File permission problem

Hi all,
please anyone correct me when I state there is no other way to integrate
W2K Clients into a Samba Domain, than to use Samba-TNG?
If so can help me anyone with the following problem.
The following directory is shared among the clients

drwxrwxrwx 8 tobias manager 4096 Sep 24 00:30 public

[public]
path = /usr/local/samba/shares/public
public = no
comment = Public Share
create mask = 775
directory mask = 775
writable = yes
force create mode = 774

My goal is to create directories to which an ordinary user can add files
but cannot overwrite the existing ones.

So my approach was the following:
create a file below public:
-rw-r--r-- 1 tobias manager 0 Sep 24 00:44 test.txt

(note that an ordinary user does not belong to the group manager)
But I was kinda surprised that every user can delete this file. Even if it
belongs to root:root with 700 permissions. Is this a wanted behavior?
TIA
Tobias

--
Sent through GMX FreeMail - http://www.gmx.net
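
An added example, not part of either message in this thread: a simplified Python model of the delete check the reply describes, applied to a temporary copy of the `public`/`test.txt` layout. It goes beyond the thread by also modelling the directory sticky bit (mode 1777), the standard UNIX way to let users add files without being able to delete other users' files. The function names and the "stranger" uid are hypothetical.

```python
import os
import stat
import tempfile

def may_delete(uid, gids, dir_st, file_st):
    """Simplified unlink() check (no ACLs or capabilities); file mode is never read."""
    if uid == 0:
        return True
    # Pick the permission class that applies to this user on the directory.
    if uid == dir_st.st_uid:
        bits = dir_st.st_mode >> 6
    elif dir_st.st_gid in gids:
        bits = dir_st.st_mode >> 3
    else:
        bits = dir_st.st_mode
    if bits & 0o3 != 0o3:  # need write and search (execute) on the directory
        return False
    if dir_st.st_mode & stat.S_ISVTX:  # sticky bit: file owner or directory owner only
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True

def world_writable_without_sticky(root):
    """List directories under root where any user may delete other users' files."""
    hits = []
    for path, _dirs, _files in os.walk(root):
        mode = os.stat(path).st_mode
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            hits.append(path)
    return hits

def demo():
    """Rebuild the thread's layout in a temp dir (constructed sample, not the real share)."""
    with tempfile.TemporaryDirectory() as share:
        public = os.path.join(share, "public")
        os.mkdir(public)
        target = os.path.join(public, "test.txt")
        open(target, "w").close()
        os.chmod(target, 0o700)   # file closed to everyone but its owner
        os.chmod(public, 0o777)   # drwxrwxrwx, as in the original post
        owner = os.stat(target).st_uid
        stranger = owner + 1000   # hypothetical uid, member of no relevant group
        before = may_delete(stranger, set(), os.stat(public), os.stat(target))
        flagged = len(world_writable_without_sticky(share))
        os.chmod(public, 0o1777)  # drwxrwxrwt: add the sticky bit
        after = may_delete(stranger, set(), os.stat(public), os.stat(target))
        kept = may_delete(owner, set(), os.stat(public), os.stat(target))
        return before, flagged, after, kept, len(world_writable_without_sticky(share))

if __name__ == "__main__":
    print(demo())
```

The sticky bit only restricts delete and rename; whether another user can overwrite `test.txt` is still decided by the file's own write bits, which `-rw-r--r--` already denies to non-owners.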