"Inherit Permissions" request for comments

Mayers, P J p.mayers at ic.ac.uk
Sat Jun 3 18:06:57 GMT 2000

I wholly agree with obeying the setgid if igo=no. To do otherwise would be
bad behaviour of the highest order.

It *might* be useful (I can't see myself ever using it) to have a "force
inherit group owner" which would have the following:

force igo = no (default)

                igo: no   igo: yes 
   setgid: no  |    p   |    d    | 
   setgid: yes |    ?   |    d    | 

force igo = yes

                igo: no   igo: yes 
   setgid: *   |    p   |    d    | 

It's pretty icky. *But* it could be added in cleanly afterwards if needed,
so I see no problem with David's suggestion, in that if some (sick, twisted)
people need the force igo option, it can build on top of 
the igo option.

My 2 pence.


-----Original Message-----
From: Jeremy Allison
To: Multiple recipients of list SAMBA-TECHNICAL
Sent: 6/2/00 9:00 PM
Subject: Re: "Inherit Permissions" request for comments

David Lee wrote:
> My own view is coming round to encouraging using the directory's group
> discouraging using the process's group.  That is, that the "?" become
> in the table above.  We end up with:
>    if (igo == yes) {
>       make all reasonable efforts to adopt group-owner of directory,
>       irrespective of setgid bit
>    }
>    else {
>       follow setgid bit
>    }
> One remaining question: the default.  The current behaviour is
> to "igo == no".  Are there any compelling issues one way (UNIX
> igo==no) or the other (NT semantics, igo==yes)?  If not, we just need
> consensus from interested parties.  Someone needs to do an opinion
> Seem OK?

*Excellent* summation ! My own preference would be to keep
the current behaviour of defaults being igo=no with your
matrix. That way lies the principle of least suprises for
the current installs.

This definately looks like a go for 2.2.0 to me. It allows
the desired behaviour.

Any other comments ?


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list