2.0.7: inherit permissions = yes breaks setting read-only on files

Robert Dahlem Robert.Dahlem at gmx.net
Thu Aug 24 16:59:22 GMT 2000


[samba mailing list dropped here too]

On Thu, 24 Aug 2000 17:18:21 +0100 (BST), David Lee wrote:

>The discussion seems OK, but it might just be worth this 
>clarification of the *intention* of "inherit permissions".
>The "inherit permissions" functionality was new at 2.0.7 so bugs 
>might still lurk.  Its intended behaviour (as distinct from what a 
>particular OS might actually do) is: 
>o  new file: inherit read/write bits from its directory (in most UNIX
>   systems, this is "push the directory's bits through a a 0666 
>   mask". It leaves the "x" bits free to follow Samba's "map 
>   archive" etc. interpretation.

That seems to be what it does.

>o  new directory:  inherit all r/w/x, setgid (g+s) and sticky (+t) 
>   bits from parent directory.  It specifically doesn't inherit 
>   setuid (at present at least).

That IS what it does (at the moment, meaning 2.0.7 release code).

The opposite thing was the origin of the discussion: With "inherit
permissions = no" the SGID bit was not inherited when creating new
directorys although the operating system should provide the

Meanwhile it's clear that "inherit permissions" is innocent in this
point: the behaviour is not caused by smbd/dosmode.c (your code) but in
lib/doscalls.c by a broken dos_mkdir(). Most likely you had no way to
discover this when you developped the code as your development was
based on 2.0.6, where dos_mkdir() was not broken.

The problem with "inherit permissions = yes" is that it effectively
prevents setting the read-only attribute (dropping the w-bit(s)) on
existing files.

All the documentation tells that it only will have effects on newly
created things but it insists on chmod-ing with the parent directories
attributes whenever you fiddle with attributes from the clients side.

>(There was also a discussion a few months ago about a detail of
>directory+setgid: whether (and if so, how) to force group-owner
>inheritance, which some systems do naturally.  But that is another

My $0.02 on this is: have a look at what the unix administrator
intended when he did "chmod g+s" on the directory. It was his/her
decision and samba should not fiddle around in this place.


Robert.Dahlem at gmx.net           Fax +49-69-432647

More information about the samba-technical mailing list