improved dos attribute handling

John E. Malmberg wb8tyw at
Sun Feb 16 02:19:46 GMT 2003

Ola Lundqvist wrote:
> Sorry. I'm not subscribed to this list so I could not
> preserve the reply-to header. Please Cc: me if you
> want me to know the mail. :)

Bcc: by request.

> On the other hand, with the current setup users must have administrative
> rights to modify read-only bit. This is a problem because in a windows
> environment (with users used to windows stuff) there is no such thing as
> file owners.

There is such a thing as file owners in a domain file server.  This will 
show up in the file properties on Windows under the security properties.

As long as your patch is a selectable behavior, there are probably a lot 
of systems that could use it.

I just wanted to make clear that it does have side effects when you are 
not running in an appliance mode, or if your users are in multiple UNIX 

I do not run UNIX, I run OpenVMS.  It uses a UIC based protection model 
that is similar to UNIX but there might be some differences that are 
important that I may be overlooking.

I can give users write access to a file with out giving them write 
access to the entire directory.  Write access to the directory implies 
that they can add and remove files.

So adding the world write permission back to a file that the user owns 
when the READONLY bit is cleared will allow every other user on the 
system write access to that file, if they know it's path.

Does UNIX require you to have write access to a directory to modify a 
file that you have write access to?

>>You simply do not know what the Group and World settings were prior to 
>>>the Readonly attribute being set.
> And that is why I check the directory permissions. Iff the user has
> write access to the directory and is member of the file it can
> modify the permissions.

As I pointed out above, at least on OpenVMS, that is not a valid 
assumption as to what the users wishes are for the world and group 
access.  Just because they have permission to set them does not mean 
that they mean to.

wb8tyw at
Personal Opinion Only

More information about the samba-technical mailing list