No subject


Tue Dec 2 02:23:37 GMT 2003


This is not a samba-issue, it's defined behavior under *NIX:

Delete access under UNIX requires w(rite) access to the directory which the
file is placed in, i.e. your WORLD-writeable directory is the reason for this.

From http://www.linuxdoc.org/HOWTO/Security-HOWTO-5.html:

Permissions - Bits capable of being set or reset to allow certain types of
access to it. Permissions for directories may have a different meaning
than the same set of permissions on files.

Read:
  * To be able to view contents of a file
  * To be able to read a directory

Write:
  * To be able to add to or change a file
  * To be able to delete or move files in a directory

Execute:
  * To be able to run a binary program or shell script
  * To be able to search in a directory, combined with read permission

I would recommend that those of you who are unsure about UNIX security read
this HOWTO, as it explains the complexity of security on UNIX
(not that other OS's are less complex, you just don't get to see all of
it..)

--Anders


Tobias Manthey <tmanthey at gmx.de>
Sent by: samba-ntdom-admin at us4.samba.org
09/23/2000 05:58 PM

        To:     samba-ntdom at us4.samba.org
        cc:
        Subject:        Samba TNG-2.6: File permission problem

Hi all,
please anyone correct me when I state there is no other way to integrate
W2K Clients into a Samba Domain, than to use Samba-TNG?
If so, can anyone help me with the following problem?
The following directory is shared among the clients:

drwxrwxrwx   8 tobias   manager      4096 Sep 24 00:30 public

[public]
path = /usr/local/samba/shares/public
public = no
comment = Public Share
create mask = 775
directory mask = 775
writable = yes
force create mode = 774

My goal is to create directories to which an ordinary user can add files
but cannot overwrite the existing ones.

So my approach was the following:
create a file below public:
-rw-r--r--   1 tobias   manager         0 Sep 24 00:44 test.txt

(note that an ordinary user does not belong to the group manager)
But I was kinda surprised that every user can delete this file. Even if it
belongs to root:root with 700 permissions. Is this a wanted behavior?
TIA
Tobias
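An added example, not part of the original thread: a small model of the permission check applied when a directory entry is deleted, fed with the listings from Tobias's message (the uid/gid numbers are constructed). It goes one step beyond the reply by also modelling the sticky bit (mode 1777, as on /tmp), the standard UNIX way to let users add files to a shared directory without being able to remove files they do not own.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result: mode bits, owner uid, owner gid.
Node = namedtuple("Node", "mode uid gid")

def node_from_path(path):
    """Build a Node from a real file or directory (without following symlinks)."""
    st = os.lstat(path)
    return Node(st.st_mode, st.st_uid, st.st_gid)

def class_bits(node, uid, gids):
    """Return the rwx triplet (0-7) that applies to this caller."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def can_unlink(directory, target, uid, gids):
    """Model the permission check for deleting or renaming `target` in `directory`."""
    if uid == 0:
        return True  # root bypasses these checks
    # Write (2) and search (1) on the directory are required;
    # the file's own mode bits are never consulted.
    if (class_bits(directory, uid, gids) & 3) != 3:
        return False
    # Sticky bit set: only the file's owner or the directory's owner may remove it.
    if directory.mode & stat.S_ISVTX:
        return uid in (target.uid, directory.uid)
    return True

# Constructed ids: tobias=1000, group manager=200, ordinary user=1001 in group 100.
PUBLIC = Node(0o40777, 1000, 200)         # drwxrwxrwx tobias manager public
PUBLIC_STICKY = Node(0o41777, 1000, 200)  # drwxrwxrwt, e.g. after chmod +t
TEST_TXT = Node(0o100644, 1000, 200)      # -rw-r--r-- tobias manager test.txt
ROOT_FILE = Node(0o100700, 0, 0)          # root:root, mode 700
ORDINARY = (1001, {100})

if __name__ == "__main__":
    for d in (PUBLIC, PUBLIC_STICKY):
        for f in (TEST_TXT, ROOT_FILE):
            print(oct(d.mode), oct(f.mode), can_unlink(d, f, *ORDINARY))
```

With the sticky bit set the ordinary user still has write and search permission on the directory, so adding new files keeps working.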



