Problems with the lack of a real RO bit with Samba ...

John E. Malmberg wb8tyw at
Thu Feb 20 02:41:16 GMT 2003

Richard Sharpe wrote:
> Now, Windows has a RO bit and ACLS, and you can have ACLs on the file that 
> give everyone WRITE access, while the RO bit gives no one WRITE access.
> My question is, is anyone aware of any real application that would be 
> confused if the RO bit were synthesized by setting an appropriate ACL on 
> the file?

The Windows NT 4.0 "replication" Service is confused by the way that the 
  RO bit works now.  It copies the attribute to the destination 
directory, and then has problem because it can not deal with the fact 
that it no longer has permission to modify the file, even if it does not 
have to change the file.  I do not know if Windows 2000 has that feature.

I have seen reports on this list of applications playing with the 
Archive bit and getting confused when it does not work right.

The same may be true of the Readonly bit.  However since SAMBA is not 
doing it the Microsoft Windows way, there will likely be confusion no 
matter what you do.  I recommend erring on the side of compatability 
with Microsoft Windows.

> I am aware that this could mean that if an inappropriate ACL were added to 
> the file, perhaps by mistake (when setting ACLs on all files in a tree), 
> the RO bit could disappear.

On OpenVMS, You can give some entries in an ACL a "PROTECTED" attribute. 
  Then it is harder to have such accidents.  Of course that makes 
"PROTECTED" attributes a pain to work with at times.

wb8tyw at
Personal Opinion Only

More information about the samba-technical mailing list