David.Collier-Brown at canada.sun.com
Tue Sep 5 12:34:36 GMT 2000
>> We got: User xxx publishing to area with files owned by yyy):
> utime(2) failing as it was not the file owner.
> chmod(2) setting mode to 764 failing as it was not the owner.
> chmod(2) setting mode to 664 (original setting) failing as it was not the
> The SAMBA config directive (dos filetimes = yes) fixed the utime(2) problem.
> The SAMBA config directive (map archive = no) fixed the first chmod(2).
> We still had the last problem. chmod trying to set mode 664, even though the
> file was already this mode. I realised that this must be because it was not
> doing a "MAP ARCHIVE", so SAMBA did not know it had to ignore it!
> I decided to change the SAMBA source, I added a directive:
> dos mode = Yes/No - Default of No.
> Does this look OK? Have I broken security or caused any side affects? The code
> now works for me and Dreamweaver works. These changes have also fixed the
> problem that Dreamweaver always tried to update all files, not just those that
> had changed when you syncronised the site.
The only thing that's weakened is the protection
against members of the group setting the permissions
of files owned by others.
In the short run, this isn't a big thing: I read it
as Samba attempting to set the mode bits as per an
option in the config file, and the samba admin should
be able to do that. [Please correct me if its isn't
an smb.conf option being honored!]
In the long run, it does open a window for an error
when a client tries to set the permissions of a file
via our emulation of ACLs: I suspect we won't want
to allow that (ie, not honor dos mode in that module).
Security experts: should we even need an option?
I sort of think that create mode options should just
be honored, wil-he nil-he.
And is there a better, more descriptive, name that
we could use for the option if it's picked up?
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba-technical