File Permission Suggestion

[Tristan Ball]

>
>
>Of a related note, the READONLY dos attribute can not be implemented
>on SAMBA to work the same way as on NT.
>
>You can allow a client to set a file READONLY, but not to clear it.
>Why?
>
>Because you do not know if the user intended to grant write access to
>only themselves or the group and world.
>
I'm not sure that this is quite true. To a windows user, whether or not 
a file is read only is entirely seperate from ACL permissions. A user 
setting a file read only will expect it to be read only regardless of 
any write access provided by ACL's. Conversely, clearing the read only 
bit should allow write access as specified by the acl's or normal 
permissions. This is essentually the same functionality as provided by 
ext2's immutable flag. Under pc clients, the read only bit really isn't 
a security feature tho, it's more of an advisory warning.

We use read only as an informal document control mechanisim. When a 
document is released, it's marked as read only. That doesn't stop people 
clearing the read only bit, but everyone here knows what it means. It 
also means that if a released document does need to be edited, the users 
can clear the readonly, but they will only have write access if the 
permissions allow it.

The problem really boils down to under samba, we try and emulate a 
non-security feature from the security of the file, which is never going 
to be perfect. (I'm not critisising, I know why the current scheme was 
chosen) For our environment, having the read only bit map to say the t 
bit would be more usefull. The clients are all windows, so I don't have 
to worry about unix access to the files, and because read only is then 
seperate from the permissions, windows clients would get the expected 
behaviour. Possibly a config option to change how the readonly bit is 
presented would be a good idea.

 I may have just motivated myself into a patch :-)

T.