Problems with the lack of a real RO bit with Samba ...
rsharpe at richardsharpe.com
Thu Feb 20 05:09:49 GMT 2003
On Wed, 19 Feb 2003, John E. Malmberg wrote:
> Richard Sharpe wrote:
> > On Wed, 19 Feb 2003, Ken Cross wrote:
> >>Yes, it could have significant impact. Is there are problem with the
> >>current way it's set (RO == owner "r" mode)?
> That does not match the way it works on an NT server. And there is a
> significant difference.
> > In our file system, UNIX permission bits are synthesized from ACLs on the
> > file objects :-)
> > Can you give me an idea of the 'significant impact'?
> > I am trying to convince our file system guys that we need a separate RO
> > attribute to accompany the other attributes (like Hidden, System, etc).
> RO is special. On Windows NT, It has precedence over all other
> attributes. Even "Administrator" access can not override RO.
> So for the filesystem to work correctly with SAMBA as PC users would
> expect, not only do you need a RO permision, you need logic to make sure
> that it overrides all other ACLs that would otherwise grant write access.
> It is probably sufficient to leave that "root" can override readonly,
> but nothing else should be able to, or it will not function as PC users
Actually, we squash root as well. The test for RO has to be done before
any access permisions are checked.
> I am assuming that this is a LINUX filesystem that you are designing?
Nope. I am not designing it, but we are doing a file system that supports
Windows and UNIX access, along with high-bandwidth IO.
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
More information about the samba-technical