Bug?: Needs help with File Permissions on NT

[slide at slide.tellurian.com.au]

Under Samba 2.0.5a I have attempted using the following configuration
directives:

[homes]
  browseable = no
  valid users = %S
  create mask = 0750
  security mask = 00
  directory mask = 0750
  directory security mask = 00

The result of this appears to be:
  Users cannot change the group or other permissions of files and
   directories inside the share.
  Users can remove permissions to files and directories inside the 
   share.
  Users cannot restore permissions to files and directories within
   the share.
  Users can remove permissions to the share.
  Users cannot restore permissions to the share.

This behaviour does not appear to match the behaviour documented on the
man page.  Is this what is meant to happen with security masks?

I have modified my smbd/nttrans.c lines 2337 onwards from:

    if(fsp->is_directory) {

      perms &= (lp_dir_security_mask(SNUM(conn)) | sbuf.st_mode);
      perms |= (lp_force_dir_security_mode(SNUM(conn)) & ( perms ^
sbuf.st_mode ));

    } else {
      perms &= (lp_security_mask(SNUM(conn)) | sbuf.st_mode);
      perms |= (lp_force_security_mode(SNUM(conn)) & ( perms ^
sbuf.st_mode ));

    }

to:

    if(fsp->is_directory) {

      perms &= (lp_dir_security_mask(SNUM(conn)) | sbuf.st_mode);
      perms |= (~lp_dir_security_mask(SNUM(conn)) & sbuf.st_mode);
      perms |= (lp_force_dir_security_mode(SNUM(conn)) & ( perms ^
sbuf.st_mode ));

    } else {
      perms &= (lp_security_mask(SNUM(conn)) | sbuf.st_mode);
      perms |= (~lp_security_mask(SNUM(conn)) & sbuf.st_mode);
      perms |= (lp_force_security_mode(SNUM(conn)) & ( perms ^ 
sbuf.st_mode ));

    }

and now the daemon behaves as I expected.

(reasoning:
  perms = a
  security_mask = b
  st_mode = c

  previously, smask was ignored when clearing permissions:

  a  b  c  result
  0  0  0    0
  0  0  1    0
  0  1  0    0
  0  1  1    0
  1  0  0    0
  1  0  1    1
  1  1  0    1
  1  1  1    1

  now

  a  b  c  result
  0  0  0    0
  0  0  1    1
  0  1  0    0
  0  1  1    0
  1  0  0    0
  1  0  1    1
  1  1  0    1
  1  1  1    1

)

Sean

Sarabjit Singh said:
> We are running samba 1.9 on Solaris 2.6 server and samba 2.0.4 on Solaris 7 server
> 
> On both the servers student access their home directories by NT
> workstations. In 1.9 version While accessing their home drives through
> NT explorer -> Properties they see file system as SAMBA and they only
> see 'General' tab so they can't change the permissions to their home
> directories.
> 
> In new version While accessing their home drives through NT explorer
> -> Properties they see file system as NTFS, and see two tabs 'General'
> and 'Security' and they can go to Security and mess up with the
> permission on their home directories. We have tried changing the file
> system by fstype = SAMBA . It does change the file system but security
> tab is still there in new version.
> 
> on Solaris they have 701 on their homedirs
> drwx-----x  on /home/myhomedir.
> 
> Can someone please help regrading it. We don't want student to change
> permission on their home directories so how to get rid of security tab
> in new version of samba.