force mode
Cole, Timothy D.
timothy_d_cole at md.northgrum.com
Fri Jun 18 17:28:01 GMT 1999
> -----Original Message-----
> From: David Collier-Brown [SMTP:davecb at canada.sun.com]
> Sent: Friday, June 18, 1999 13:16
> To: Cole, Timothy D.; Multiple recipients of list
> Subject: Re: force mode
>
> Cole, Timothy D. wrote:
> > Hrm. The intended use of force mode, then, is also file creation.
> > Getting back to the 'security mask' and 'security force mode' things, can
> > anyone come up with any scenarios where limiting the permissions that can be
> > explicitly set via the SMB interface is useful, without giving the admin a
> > false sense of security?
>
> I think I've missed something in this discussion somewhere:
> if I can
> set specific permission bits with "force create mode"
> unset others with "create mode",
> then what then can't I do at file-creation time? It looks
> like I can constrain the user to set or not set anything I want,
> which makes me the final arbiter of the permissions.
>
> This also addresses the case of an implicit creation (ie, the
> PC program creating a new file during editing). It does not
> address the case of a user changing permissions, but then
> we're not discussing that yet....
>
> Actually, we are ... I'm afraid I transitioned back to that topic in the
> second sentence up there without flagging it very well.
>
> So it looks like the only other possible thing I might
> want is a value to set an initial value, in the equation
> result = (initial & mask) | force
>
> Hmm... for file creation, you ought to be able to synthesize that with
> force alone.
>
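
The equation discussed in this thread, result = (initial & mask) | force, worked through as an added example (not code from the thread or from Samba): it classifies each mode bit as forced on, forced off or left to the client, and reports risky bits the settings do not pin down. The function names and all mask/force/initial values are assumptions constructed for illustration.

```python
import stat

ALL_BITS = 0o7777  # the 12 UNIX mode bits


def effective_mode(initial: int, mask: int, force: int) -> int:
    """The thread's equation: result = (initial & mask) | force."""
    return ((initial & mask) | force) & ALL_BITS


def classify_bits(mask: int, force: int) -> dict:
    """Split the mode bits by who decides them at file-creation time."""
    return {
        "always_set": force & ALL_BITS,                  # in force: on regardless of client
        "always_clear": ~mask & ~force & ALL_BITS,       # outside mask and force: always off
        "client_controlled": mask & ~force & ALL_BITS,   # inside mask only: client decides
    }


def audit(mask: int, force: int) -> list:
    """Report risky bits that are forced on or left to the client."""
    bits = classify_bits(mask, force)
    findings = []
    for name, bit in (("setuid", stat.S_ISUID), ("setgid", stat.S_ISGID),
                      ("world-writable", stat.S_IWOTH)):
        if bits["always_set"] & bit:
            findings.append(f"{name}: forced on")
        elif bits["client_controlled"] & bit:
            findings.append(f"{name}: left to the client")
    return findings


if __name__ == "__main__":
    mask, force = 0o744, 0o020  # constructed sample settings
    for initial in (0o777, 0o644, 0o000):  # constructed client-requested modes
        print(f"initial={initial:04o} -> {effective_mode(initial, mask, force):04o}")
    for kind, value in classify_bits(mask, force).items():
        print(f"{kind:18}{value:04o}")
    # With an empty mask, force alone fixes the result for any initial value.
    print(f"{effective_mode(0o777, 0, 0o640):04o} {effective_mode(0o000, 0, 0o640):04o}")
    print(audit(0o777, 0o000))
```
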
More information about the samba-technical mailing list