Problems with the lack of a real RO bit with Samba ...

John E. Malmberg wb8tyw at
Thu Feb 20 02:41:40 GMT 2003

Richard Sharpe wrote:
> On Wed, 19 Feb 2003, Ken Cross wrote:
>>Yes, it could have significant impact.  Is there are problem with the
>>current way it's set (RO == owner "r" mode)?

That does not match the way it works on an NT server.  And there is a 
significant difference.

> In our file system, UNIX permission bits are synthesized from ACLs on the 
> file objects :-)
> Can you give me an idea of the 'significant impact'?
> I am trying to convince our file system guys that we need a separate RO 
> attribute to accompany the other attributes (like Hidden, System, etc).

RO is special.  On Windows NT, It has precedence over all other 
attributes.  Even "Administrator" access can not override RO.

So for the filesystem to work correctly with SAMBA as PC users would 
expect, not only do you need a RO permision, you need logic to make sure 
that it overrides all other ACLs that would otherwise grant write access.

It is probably sufficient to leave that "root" can override readonly, 
but nothing else should be able to, or it will not function as PC users 

I am assuming that this is a LINUX filesystem that you are designing?

wb8tyw at
Personal Opinion Only

More information about the samba-technical mailing list