2.0.7: inherit permissions = yes breaks setting read-only on files

David Lee T.D.Lee at durham.ac.uk
Thu Aug 24 16:18:21 GMT 2000 

On Thu, 24 Aug 2000, Robert Dahlem wrote:

> My own archive of the samba mailing list reaches back until 1996 and 
> what I found there was really interesting:
> 
>     >I've set "force directory mode = 1775" in smb.conf, but when
>     >I make directories in a share through network neighborhood, I
>     >end up with 0775, i.e. user has rwx, group rwx, others rx.
>     >The sticky bit is not getting set.
> 
>     You need to use "directory mode" also.
>     Then, there's a problem in samba <= 2.0.6 regarding the sticky
>     bit.
>     Jeremy Allison posted a patch that will be in 2-0-7:
> 
>     --- source/lib/doscalls.c  Thu Apr  8 14:13:01 1999
>     +++ source/lib/doscalls.c      Tue Dec  7 19:08:41 1999
>     [...]
>     + Cope with UNIXes that don't allow high order mode bits on mkdir.
>     + Patch from gcarter at lanier.com.
> 
> In fact, at least Linux does not handle mkdir("dir", 0n777) with n!=0 
> as expected: the mode seems to be and-ed with 0777.

The discussion seems OK, but it might just be worth this clarification
of the *intention* of "inherit permissions".

The "inherit permissions" functionality was new at 2.0.7 so bugs might
still lurk.  Its intended behaviour (as distinct from what a particular OS
might actually do) is: 

o  new file: inherit read/write bits from its directory (in most UNIX
   systems, this is "push the directory's bits through a a 0666 mask".
   It leaves the "x" bits free to follow Samba's "map archive" etc.
   interpretation.

o  new directory:  inherit all r/w/x, setgid (g+s) and sticky (+t) bits
   from parent directory.  It specifically doesn't inherit setuid (at
   present at least).

My original implementation and development of this functionality was on
Solaris 2.x for which the 2.0.7 implementation is fine.  But I can well
believe that other UNIX systems might require a patch to achieve that
intended functionality.  (I have just checked the behaviour on Solaris:
the sticky (t) bit, does properly get set on a new sub-directory.)

(There was also a discussion a few months ago about a detail of
directory+setgid: whether (and if so, how) to force group-owner
inheritance, which some systems do naturally.  But that is another
story...)

Hope that helps.

-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/~dcl0tdl            South Road            :
:                                           Durham                :
:  Phone: +44 191 374 2882                  U.K.                  :

More information about the samba-technical mailing list