Bug?: Needs help with File Permissions on NT
slide at slide.tellurian.com.au
slide at slide.tellurian.com.au
Wed Nov 24 06:01:22 GMT 1999
Under Samba 2.0.5a I have attempted using the following configuration
directives:
[homes]
browseable = no
valid users = %S
create mask = 0750
security mask = 00
directory mask = 0750
directory security mask = 00
The result of this appears to be:
Users cannot change the group or other permissions of files and
directories inside the share.
Users can remove permissions to files and directories inside the
share.
Users cannot restore permissions to files and directories within
the share.
Users can remove permissions to the share.
Users cannot restore permissions to the share.
This behaviour does not appear to match the behaviour documented on the
man page. Is this what is meant to happen with security masks?
I have modified my smbd/nttrans.c lines 2337 onwards from:
if(fsp->is_directory) {
perms &= (lp_dir_security_mask(SNUM(conn)) | sbuf.st_mode);
perms |= (lp_force_dir_security_mode(SNUM(conn)) & ( perms ^
sbuf.st_mode ));
} else {
perms &= (lp_security_mask(SNUM(conn)) | sbuf.st_mode);
perms |= (lp_force_security_mode(SNUM(conn)) & ( perms ^
sbuf.st_mode ));
}
to:
if(fsp->is_directory) {
perms &= (lp_dir_security_mask(SNUM(conn)) | sbuf.st_mode);
perms |= (~lp_dir_security_mask(SNUM(conn)) & sbuf.st_mode);
perms |= (lp_force_dir_security_mode(SNUM(conn)) & ( perms ^
sbuf.st_mode ));
} else {
perms &= (lp_security_mask(SNUM(conn)) | sbuf.st_mode);
perms |= (~lp_security_mask(SNUM(conn)) & sbuf.st_mode);
perms |= (lp_force_security_mode(SNUM(conn)) & ( perms ^
sbuf.st_mode ));
}
and now the daemon behaves as I expected.
(reasoning:
perms = a
security_mask = b
st_mode = c
previously, smask was ignored when clearing permissions:
a b c result
0 0 0 0
0 0 1 0
0 1 0 0
0 1 1 0
1 0 0 0
1 0 1 1
1 1 0 1
1 1 1 1
now
a b c result
0 0 0 0
0 0 1 1
0 1 0 0
0 1 1 0
1 0 0 0
1 0 1 1
1 1 0 1
1 1 1 1
)
Sean
Sarabjit Singh said:
> We are running samba 1.9 on Solaris 2.6 server and samba 2.0.4 on Solaris 7 server
>
> On both the servers student access their home directories by NT
> workstations. In 1.9 version While accessing their home drives through
> NT explorer -> Properties they see file system as SAMBA and they only
> see 'General' tab so they can't change the permissions to their home
> directories.
>
> In new version While accessing their home drives through NT explorer
> -> Properties they see file system as NTFS, and see two tabs 'General'
> and 'Security' and they can go to Security and mess up with the
> permission on their home directories. We have tried changing the file
> system by fstype = SAMBA . It does change the file system but security
> tab is still there in new version.
>
> on Solaris they have 701 on their homedirs
> drwx-----x on /home/myhomedir.
>
> Can someone please help regrading it. We don't want student to change
> permission on their home directories so how to get rid of security tab
> in new version of samba.
More information about the samba-technical
mailing list