Who should be the owner of newly created files when the creator is in the local Administrators group
Jeremy Allison
jra at samba.org
Mon Apr 30 15:31:32 MDT 2012
On Mon, Apr 30, 2012 at 02:26:48PM -0700, Richard Sharpe wrote:
> On 4/30/12, Jeremy Allison <jra at samba.org> wrote:
> > On Mon, Apr 30, 2012 at 02:18:16PM -0700, Richard Sharpe wrote:
> >> > No, we don't do that. I'm in the process of making this work
> >> > for SeBackup/SeRestore opens, but it's tricky...
> >>
> >> I currently have a patch for the obvious path based on my previous
> >> suggestion ... but I have likely forgotten something. I will send it
> >> out for comment.
> >
> > The hard part is having to chdir() into the parent directory
> > first, check it's the right place - and then do the operation
> > (and check you didn't get a smylink race). I've got the plumbing
> > in place (via the struct privilege_paths code) but haven't
> > done the open() codepaths yet.
>
> Heh, this is the bit I forgot about :-(
That's the part that makes it secure. And for obvious reasons
I'm sensitive about that at the moment :-).
More information about the samba-technical
mailing list