Who should be the owner of newly created files when the creator is in the local Administrators group

Jeremy Allison jra at samba.org
Mon Apr 30 15:24:58 MDT 2012

On Mon, Apr 30, 2012 at 02:18:16PM -0700, Richard Sharpe wrote:
> On 4/30/12, Jeremy Allison <jra at samba.org> wrote:
> > On Mon, Apr 30, 2012 at 04:38:52PM -0400, simo wrote:
> >>
> >> So you always do checks in samba and then change to root to open files ?
> >> I did not recall this being allowed last time I wandered in this code,
> >> but it was a while ago.
> >
> > No, we don't do that. I'm in the process of making this work
> > for SeBackup/SeRestore opens, but it's tricky...
> I currently have a patch for the obvious path based on my previous
> suggestion ... but I have likely forgotten something. I will send it
> out for comment.

The hard part is having to chdir() into the parent directory
first, check it's the right place - and then do the operation
(and check you didn't get a smylink race). I've got the plumbing
in place (via the struct privilege_paths code) but haven't
done the open() codepaths yet.


More information about the samba-technical mailing list