Using umask instead of explicit mode bits to create files/directories

David Collier-Brown David.Collier-Brown at canada.sun.com
Wed Nov 29 16:41:56 GMT 2000


Johannes Tyve wrote:
> > > A directory contains the following acls:
> > > default:user::rwx
> > > default:user:ronnie:rwx
> > > default:group::r-x
> > > default:mask:rwx          -- this is going to be what's inherited
> > > default:other:r-x
> >
> > > If I create a directory using (umask 0) mkdir("dir_mode",0755); The
> > > result is:
> > > user::rwx
> > > user:ronnie:rwx         #effective:r-x
> > > group::r-x              #effective:r-x
> > > mask:r-x
> > > other:r-x
> >                             -- as expected
> >
> > > If I create a directory using (umask 022) mkdir("dir_umask",0777); The
> > > result is:
> >                         -- I predict the 777 will be masked to 755
> > > user::rwx
> > > user:ronnie:rwx         #effective:rwx
> > > group::r-x              #effective:r-x
> > > mask:rwx
> > > other:r-x

	[Synopsis: it's hard to get permission right if they are
	implemented via a whole bunch of masks, and ACLs just 
	make it worse by introducing a minimum of two more]

	Ok, I've found the problem, but it's not entirely
	a bug (I was hoping!)

	The umask of 022 really does say to remove
	group write... therefor we need to set the umask to
	correspond to the appropriate modes and masks that
	are set in the smb.conf file.

	This can be dome with your suggested code:
------

int dos_open(char *fname,int flags,mode_t mode)
{
  /* Modified 001113 by jste to use umask instead of requested mode */
  int ret;
  mode_t fumask = 0777 - (mode & 0777);
  umask(fumask);
  mode = mode | 0777;
  /* End modification */

  ret = sys_open(dos_to_unix(fname,False),flags,mode);

  /* Restore umask */
  umask(0);

  return(ret);
}
int dos_mkdir(char *dname,mode_t mode)
{
  int ret;

  /* Modified 001113 by jste to use umask instead of requested mode */
  mode_t fumask = 0777 - (mode & 0777);
  umask(fumask);
  mode = mode | 0777;
  /* End modification */

  ret = mkdir(dos_to_unix(dname,False),mode);

  /* Restore umask */
  umask(0);

  return ret;
  /* We don't need this fix in solaris 2.6. Kind of strange to use
dos_chmod when the mkdir call returns success?!
  if(!ret) {
    return(dos_chmod(dname,mode));
  }
  else
  {
    return ret;
  }
  */
} 
----
Alternately, we could save the umask, set it to 0, set the mode to the
computed desirable value and create the file/directory, then restore the
umask.

One of the folks who groks the and/or/security masks may know a more
elegant approach...

This should be done for any system supporting **both** umask and ACLs.
failing that, setting default ACLs will result in mysterious
misbehaviors
that may well be blamed on Samba.

--dave
-- 
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com




More information about the samba-technical mailing list