samba resetting permissions on extant files on NT_TRANSACT_CREATE

Buck Huppmann cjh at frb.gov
Wed Dec 26 14:58:02 GMT 2001


In message <20011217130845.M31683 at va.samba.org>, Jeremy Allison wrote:

> > seems that if samba gets a request to create a file and the file already
> > exists, it will reset the perms on the file. this isn't what NT (4, SP6a)
> > seems to do, and it's not what UNIX does, so i'm having trouble grokking
> > it. at any rate, since it potentially impacts on security, i'm hoping
> > either that someone can hack on this or to be made to understand it
> 
> 
> Yes, it's a bug. Thanks for reporting it. I've fixed
> this in SAMBA_2_2 CVS and HEAD. If you could test it out
> I'd appreciate it....

testing has turned up yet another vagary of samba behavior with
``inherit permissions'' set, although i leave it to you all to discern
whether it's a bug or not

sort of the same scenario as previously, but instead of a SMBntcreateX
even a subsequent SMBwriteX to an existing file will reset the mode *if*
``map archive'' is set and the archive-bit hack hasn't previously been
applied to the file. seems (as excerpted below) file_chmod() will get
called in such a case, and then inherited permissions will override
permissions on the extant file. of course, maybe this is the Right Thing
to Do, but i'm still having trouble making the jump from UNIX filesystem
to SMB semantics, what with my lacking an MCSE and all. speaking of
which (and this is where i'm trolling on the wrong list for a pointer
to the relevant FAQ answer), any harm in un-setting ``map archive'' for
everyday use?

sorry

--- excerpt from samba-2.2.2/source/smbd/fileio.c:write_file(...) ---

  if (!fsp->modified) {
    SMB_STRUCT_STAT st;
    fsp->modified = True;

    if (fsp->conn->vfs_ops.fstat(fsp,fsp->fd,&st) == 0) {
      int dosmode = dos_mode(fsp->conn,fsp->fsp_name,&st);
      if (MAP_ARCHIVE(fsp->conn) && !IS_DOS_ARCHIVE(dosmode)) {
        file_chmod(fsp->conn,fsp->fsp_name,dosmode | aARCH,&st);
      }




More information about the samba-technical mailing list