force mode
David Collier-Brown
davecb at canada.sun.com
Fri Jun 18 17:15:45 GMT 1999
Cole, Timothy D. wrote:
> Hrm. The intended use of force mode, then, is also file creation.
> Getting back to the 'security mask' and 'security force mode' things, can
> anyone come up with any scenarios where limiting the permissions that can be
> explicitly set via the SMB interface is useful, without giving the admin a
> false sense of security?
I think I've missed something in this discussion somewhere:
if I can
set specific permission bits with "force create mode"
unset others with "create mode",
then what then can't I do at file-creation time? It looks
like I can constrain the user to set or not set anything I want,
which makes me the final arbiter of the permissions.
This also adress the case of an implicit creation (ie, the
PC program creating a new fild during editing). It does no
t address the case of a user changing permissions, but then
we're not discussing that yet....
So it looks like the only other possible thing I might
want is a value to set an initial value, in the equation
result = (initial & mask) | force
--dave (feeling fairly stupid this week) c-b
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | http://java.science.yorku.ca/~davecb
Work: (905) 477-0437 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba-technical
mailing list