"Inherit Permissions" request for comments

David Lee T.D.Lee at durham.ac.uk
Wed May 31 12:18:02 GMT 2000 

On Wed, 31 May 2000, Jeremy Allison wrote:

> I like the spirit of this patch but not the implementation.
> 
> It modifies directly the gid that Samba uses for all operations,
> not just the ones in question.
> 
> We need to find some other way of doing this, maybe by qualifying
> "inherit permissions" to be ignored if the setgid bit is not set
> on the parent directory.
> 
> Thoughts anyone ?

Same here.  (I ought, of course, to declare an interest/bias as the
originator of "inherit permissions".  So take that bias into account...) 

The principles need further exploration.  We need a table of how any
proposed "inherit group owner" functionality (however implemented) would
interact with UNIX+setgid.  Needed: a volunteer (and here I take a step
back) to step forward, please. 

Possible issues to consider:

1.  Are there some flavours of UNIX that lack setgid functionality on
    directories (reminder: setgid on directory on most UNIXes means
    inherit group owner)?

2.  Are there some other operating systems on which Samba runs that lack
    setgid on directories?

3.  Kyle's suggestion that "inherit group owner" functionality should be
    default (or at least, easily and reliably settable) is important
    for environments where the UNIX view of the filestore is irrelevant.
    (At our site, the UNIX view is highly relevant.)

4.  Current behaviour ("inherit group owner" functionality) gives full
    flexibility, but requires some UNIX knowledge by user and/or the
    system-administrator/helpdesk.

As for the implementation, I have a gut feeling that "dosmode.c" is a more
appropriate place than Kyle's initial draft in "uid.c".  That is, that
this is done directly on the file, not by chaging the gid of the process. 
But, as with the tabulation proposed above, I haven't put in the work to
prove/disprove my own conjecture.  And current work and domestic pressures
on time make that unlikely in the near future. 

Hope that contribution helps.

-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/~dcl0tdl            South Road            :
:                                           Durham                :
:  Phone: +44 191 374 2882                  U.K.                  :

More information about the samba-technical mailing list