improved dos attribute handling
John E. Malmberg
wb8tyw at qsl.net
Sun Feb 16 02:19:46 GMT 2003
Ola Lundqvist wrote:
> Sorry. I'm not subscribed to this list so I could not
> preserve the reply-to header. Please Cc: me if you
> want me to know the mail. :)
Bcc: by request.
<snipped>
> On the other hand, with the current setup users must have administrative
> rights to modify read-only bit. This is a problem because in a windows
> environment (with users used to windows stuff) there is no such thing as
> file owners.
There is such a thing as file owners in a domain file server. This will
show up in the file properties on Windows under the security properties.
As long as your patch is a selectable behavior, there are probably a lot
of systems that could use it.
I just wanted to make clear that it does have side effects when you are
not running in an appliance mode, or if your users are in multiple UNIX
groups.
I do not run UNIX, I run OpenVMS. It uses a UIC based protection model
that is similar to UNIX but there might be some differences that are
important that I may be overlooking.
I can give users write access to a file without giving them write
access to the entire directory. Write access to the directory implies
that they can add and remove files.
So adding the world write permission back to a file that the user owns
when the READONLY bit is cleared will allow every other user on the
system write access to that file, if they know its path.
Does UNIX require you to have write access to a directory to modify a
file that you have write access to?
>> You simply do not know what the Group and World settings were prior to
>> the Readonly attribute being set.
>
> And that is why I check the directory permissions. Iff the user has
> write access to the directory and is member of the file it can
> modify the permissions.
As I pointed out above, at least on OpenVMS, that is not a valid
assumption as to what the users' wishes are for the world and group
access. Just because they have permission to set them does not mean
that they mean to.
-John
wb8tyw at qsl.network
Personal Opinion Only
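
Added example, not part of the original message and not code from the patch under discussion: a round trip of the READONLY attribute over POSIX mode bits, showing that the group and world write settings cannot be recovered once the attribute has been set. It assumes that setting READONLY strips all three write bits; the function names and sample modes are constructed for illustration.

```python
import os
import stat
import tempfile

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def set_readonly(path):
    # Assumption: setting READONLY strips every write bit.
    os.chmod(path, mode_of(path) & ~WRITE_BITS)

def clear_readonly_all(path):
    # Policy the message warns about: owner, group and world write come back.
    os.chmod(path, mode_of(path) | WRITE_BITS)

def clear_readonly_owner(path):
    # Conservative policy: restore write for the owner only.
    os.chmod(path, mode_of(path) | stat.S_IWUSR)

def round_trip(initial_mode, clear_fn):
    """Set then clear READONLY on a scratch file; return the final mode."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, initial_mode)
        set_readonly(path)
        clear_fn(path)
        return mode_of(path)
    finally:
        os.remove(path)

def write_bits_changed(initial_mode, final_mode):
    """Return (gained, lost) write bits as octal strings."""
    gained = final_mode & ~initial_mode & WRITE_BITS
    lost = initial_mode & ~final_mode & WRITE_BITS
    return oct(gained), oct(lost)

if __name__ == "__main__":
    for initial in (0o640, 0o664):  # constructed sample modes
        for fn in (clear_readonly_all, clear_readonly_owner):
            final = round_trip(initial, fn)
            print(oct(initial), fn.__name__, oct(final),
                  write_bits_changed(initial, final))
```

Neither policy is lossless: restoring every write bit turns 0640 into 0662, while restoring only the owner's bit turns 0664 into 0644.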