Problems with the lack of a real RO bit with Samba ...
Richard Sharpe
rsharpe at richardsharpe.com
Thu Feb 20 05:09:49 GMT 2003
On Wed, 19 Feb 2003, John E. Malmberg wrote:
> Richard Sharpe wrote:
> > On Wed, 19 Feb 2003, Ken Cross wrote:
> >
> >>Yes, it could have significant impact. Is there are problem with the
> >>current way it's set (RO == owner "r" mode)?
>
> That does not match the way it works on an NT server. And there is a
> significant difference.
Indeed ...
> > In our file system, UNIX permission bits are synthesized from ACLs on the
> > file objects :-)
> >
> > Can you give me an idea of the 'significant impact'?
> >
> > I am trying to convince our file system guys that we need a separate RO
> > attribute to accompany the other attributes (like Hidden, System, etc).
>
> RO is special. On Windows NT, It has precedence over all other
> attributes. Even "Administrator" access can not override RO.
>
> So for the filesystem to work correctly with SAMBA as PC users would
> expect, not only do you need a RO permision, you need logic to make sure
> that it overrides all other ACLs that would otherwise grant write access.
>
> It is probably sufficient to leave that "root" can override readonly,
> but nothing else should be able to, or it will not function as PC users
> expect.
Actually, we squash root as well. The test for RO has to be done before
any access permisions are checked.
> I am assuming that this is a LINUX filesystem that you are designing?
Nope. I am not designing it, but we are doing a file system that supports
Windows and UNIX access, along with high-bandwidth IO.
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
More information about the samba-technical
mailing list