Problems with the lack of a real RO bit with Samba ...

Richard Sharpe rsharpe at
Thu Feb 20 05:09:49 GMT 2003

On Wed, 19 Feb 2003, John E. Malmberg wrote:

> Richard Sharpe wrote:
> > On Wed, 19 Feb 2003, Ken Cross wrote:
> > 
> >>Yes, it could have significant impact.  Is there are problem with the
> >>current way it's set (RO == owner "r" mode)?
> That does not match the way it works on an NT server.  And there is a 
> significant difference.

Indeed ...
> > In our file system, UNIX permission bits are synthesized from ACLs on the 
> > file objects :-)
> > 
> > Can you give me an idea of the 'significant impact'?
> > 
> > I am trying to convince our file system guys that we need a separate RO 
> > attribute to accompany the other attributes (like Hidden, System, etc).
> RO is special.  On Windows NT, It has precedence over all other 
> attributes.  Even "Administrator" access can not override RO.
> So for the filesystem to work correctly with SAMBA as PC users would 
> expect, not only do you need a RO permision, you need logic to make sure 
> that it overrides all other ACLs that would otherwise grant write access.
> It is probably sufficient to leave that "root" can override readonly, 
> but nothing else should be able to, or it will not function as PC users 
> expect.

Actually, we squash root as well. The test for RO has to be done before 
any access permisions are checked.

> I am assuming that this is a LINUX filesystem that you are designing?

Nope. I am not designing it, but we are doing a file system that supports 
Windows and UNIX access, along with high-bandwidth IO.

Richard Sharpe, rsharpe[at], rsharpe[at], 

More information about the samba-technical mailing list