"Inherit Permissions" request for comments

Jeremy Allison jeremy at valinux.com
Tue May 30 20:39:23 GMT 2000


Kyle Herbert wrote:
> 
> My premise is simple:  to inherit group permissions for a new file or
> sub-directory from the parent directory without also inheriting the group
> ownership of the new file or sub-directory from the parent directory is an
> exploitable flaw in security.  (i.e.  Inheriting the write attribute for the
> group-owner loses its meaning when the group-owner is altered.)
> 
> The current implementation of the "inherit permissions" feature in Samba
> 2.0.7 is 'flawed' (or 'featured' depending upon your point of view ;-) in
> this way.  I devised the attached patch to correct this in hopes that in
> some form it would be included in the next Samba release.
> 
> Note:  this patch does not require that the GID and permissions for the new
> file or sub-directory match the GID and permissions of the root of the file
> share; it only requires that a match be made to the parent directory.
> Furthermore, by administratively changing the ownership and permissions of
> sub-directories within the share, the desired behavior David describes in
> his post to 'Samba' is still achieved (without setgid bits set at the file
> system level).  This flexibility, in fact, would be instrumental in creating
> a "Public" share containing a sub-folder for each department in an
> organization, with each sub-folder writable only by the members of its
> respective department.  Flexibility with no expense to security!

I like the spirit of this patch but not the implementation.

It modifies directly the gid that Samba uses for all operations,
not just the ones in question.

We need to find some other way of doing this, maybe by qualifying
"inherit permissions" to be ignored if the setgid bit is not set
on the parent directory.

Thoughts anyone?

Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
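To make the difference between the current behaviour and Jeremy's suggestion concrete, here is a small added model in C. It is not Samba code: it assumes the parent directory's mode and gid come from stat(), that the creating process has a single primary gid, and reduces "inherit permissions" to copying the parent's rwx bits.

```c
#include <sys/stat.h>
#include <sys/types.h>
#include <stdio.h>

/* Simplified model (added example, not Samba code). Assumed inputs:
 * parent_mode/parent_gid from stat() on the parent directory, proc_gid is
 * the creating process's primary gid, req_mode is what the client asked
 * for, and "inherit" is reduced to copying the parent's rwx bits. */
enum policy { NO_INHERIT, INHERIT_ALWAYS, INHERIT_IF_SETGID };

struct newfile { gid_t gid; mode_t mode; };

struct newfile model_create(mode_t parent_mode, gid_t parent_gid,
                            gid_t proc_gid, mode_t req_mode, enum policy p)
{
    struct newfile f;
    /* The kernel, not Samba, picks the group: a setgid parent directory
     * hands its gid to the new file, otherwise the process's gid is used. */
    f.gid = (parent_mode & S_ISGID) ? parent_gid : proc_gid;
    f.mode = req_mode & 0777;
    switch (p) {
    case NO_INHERIT:
        break;
    case INHERIT_ALWAYS:          /* 2.0.7 behaviour as described in the thread */
        f.mode = parent_mode & 0777;
        break;
    case INHERIT_IF_SETGID:       /* only inherit when the group is inherited too */
        if (parent_mode & S_ISGID)
            f.mode = parent_mode & 0777;
        break;
    }
    return f;
}

/* Can a (non-owner) member of group g write to the new file? */
int group_can_write(struct newfile f, gid_t g)
{
    return f.gid == g && (f.mode & S_IWGRP) != 0;
}

int main(void)
{
    /* Constructed case: department directory, group 100, mode 0770 (no
     * setgid); creating user's primary group 200; client asks for 0644. */
    struct newfile a = model_create(0770, 100, 200, 0644, INHERIT_ALWAYS);
    struct newfile b = model_create(02770, 100, 200, 0644, INHERIT_IF_SETGID);
    printf("always:    gid=%u mode=%04o\n", (unsigned)a.gid, (unsigned)a.mode);
    printf("if-setgid: gid=%u mode=%04o\n", (unsigned)b.gid, (unsigned)b.mode);
    return 0;
}
```

With INHERIT_ALWAYS on a non-setgid parent the department group (100) loses write access while the creator's primary group (200) gains it, which is the flaw Kyle describes; with the setgid-qualified variant the group write bit only ever travels together with the group.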