improved dos attribute handling

Ola Lundqvist opal at debian.org
Sun Feb 16 21:23:15 GMT 2003


Hi

On Sat, Feb 15, 2003 at 09:19:46PM -0500, John E. Malmberg wrote:
> Ola Lundqvist wrote:
> >Sorry. I'm not subscribed to this list so I could not
> >preserve the reply-to header. Please Cc: me if you
> >want me to know the mail. :)
> 
> Bcc: by request.

Thanks. I have now subscribed but I think it failed so please Cc: me
until I get my subscription right.

> <snipped>
> >On the other hand, with the current setup users must have administrative
> >rights to modify the read-only bit. This is a problem because in a Windows
> >environment (with users used to Windows stuff) there is no such thing as
> >file owners.
> 
> There is such a thing as file owners in a domain file server.  This will 
> show up in the file properties on Windows under the security properties.
> 
> As long as your patch is a selectable behavior, there are probably a lot 
> of systems that could use it.

Right now it is selectable but not as a new option. In fact it is activated
by the 'dos filemode' option. If someone can give me a pointer to, or
good advice on, how to add such an option.

> I just wanted to make clear that it does have side effects when you are 
> not running in an appliance mode, or if your users are in multiple UNIX 
> groups.

That is true.

> I do not run UNIX, I run OpenVMS.  It uses a UIC based protection model 
> that is similar to UNIX but there might be some differences that are 
> important that I may be overlooking.
> 
> I can give users write access to a file without giving them write 
> access to the entire directory.  Write access to the directory implies 
> that they can add and remove files.
> 
> So adding the world write permission back to a file that the user owns 
> when the READONLY bit is cleared will allow every other user on the 
> system write access to that file, if they know its path.

On the other hand you can still do that because the user can copy the file,
delete the old one, create a new one and copy in the content.

> Does UNIX require you to have write access to a directory to modify a 
> file that you have write access to?

No.

> >>You simply do not know what the Group and World settings were prior to 
> >>the Readonly attribute being set.
> >
> >And that is why I check the directory permissions. Iff the user has
> >write access to the directory and is a member of the file it can
> >modify the permissions.
> 
> As I pointed out above, at least on OpenVMS, that is not a valid 
> assumption as to what the user's wishes are for the world and group 
> access.  Just because they have permission to set them does not mean 
> that they mean to.

I do not know OpenVMS well enough so I cannot tell. :)

Regards,

// Ola

> 
> -John
> wb8tyw at qsl.network
> Personal Opinion Only
> 

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal at debian.org                     Annebergsslingan 37      \
|  opal at lysator.liu.se                 654 65 KARLSTAD          |
|  +46 (0)54-10 14 30                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------
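
An added illustration of the point debated in this message (not code from Samba or from the patch under discussion): once READONLY has been mapped to "no write bits", the mode no longer records the earlier group and world settings, so any rule for clearing it either widens access or drops it. The function names, the three clear policies and the `allowed` mask are assumptions made for this sketch.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#define ALL_WRITE ((mode_t)(S_IWUSR | S_IWGRP | S_IWOTH))

/* Setting READONLY strips every write bit; the mode keeps no record
 * of which classes had write access before. */
mode_t set_readonly(mode_t m) { return m & ~ALL_WRITE; }

/* Hypothetical policy A: clearing READONLY re-adds all write bits. */
mode_t clear_all(mode_t m) { return m | ALL_WRITE; }

/* Hypothetical policy B: clearing READONLY re-adds owner write only. */
mode_t clear_owner(mode_t m) { return m | S_IWUSR; }

/* Hypothetical policy C: re-add only the write bits an administrator
 * permits through a mask (assumed parameter, not a Samba option). */
mode_t clear_masked(mode_t m, mode_t allowed)
{
    return m | (ALL_WRITE & allowed);
}

/* Write bits present after the round trip that the file never had. */
mode_t gained(mode_t before, mode_t after)
{
    return after & ~before & ALL_WRITE;
}

/* Write bits the file had before the round trip and no longer has. */
mode_t lost(mode_t before, mode_t after)
{
    return before & ~after & ALL_WRITE;
}

int main(void)
{
    /* Constructed sample modes: private, group-shared, world-writable. */
    const mode_t samples[] = { 0644, 0664, 0666 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        mode_t before = samples[i], ro = set_readonly(before);
        mode_t a = clear_all(ro), b = clear_owner(ro);
        printf("%04o -> ro %04o | all: +%03o -%03o | owner: +%03o -%03o\n",
               (unsigned)before, (unsigned)ro,
               (unsigned)gained(before, a), (unsigned)lost(before, a),
               (unsigned)gained(before, b), (unsigned)lost(before, b));
    }
    return 0;
}
```
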

