[PATCH] Override 'map XXXX' parameters when 'store dos attributes' is set.
Jeremy Allison
jra at samba.org
Mon May 6 15:24:52 MDT 2013
On Mon, May 06, 2013 at 09:32:43PM +1200, Andrew Bartlett wrote:
> The manpage for 'map readonly' confidently states (even with an
> underline) that:
>
>
> If store dos attributes is set to yes then this parameter is ignored
>
> However, it (as far as I read the code) has never been the case.
>
> This comes up because on NFSv4 systems, as discussed in the thread
> regarding the ACL patches, the owner of a file often has 0 permissions
> (due to there being no @owner acl), and so has the dos readonly flag
> set. This is a pain, as things on windows respect this flag.
>
> To work around this, many platforms with ACLs also set 'store dos
> attributes = true', which makes a lot of sense (as we don't want to be
> messing with permission bits, that would break ACLs badly). A trusting
> user might even dare to trust the we behave as the man-page indicates.
>
> I would like to know if we should change the code to match the manpage,
> or change the manpage to match the code (drop this sentence).
>
> Or if we should make invoking an NFSv4 ACL module force an override here
> of some kind (I dislike vfs modules changing smb.conf values however).
>
> The full paragraph from man smb.conf is:
>
>
> This parameter can take three different values, which tell
> smbd(8) how to display the read only attribute on files,
> where either store dos attributes is set to No, or no
> extended attribute is present. If store dos attributes is set to
> yes then this parameter is ignored. This is a new parameter
> introduced in Samba version 3.0.21.
Here's a patch for master that fixes the code to match the docs
(and also tidies up the docs).
Please review and push if you approve.
If it goes into master we can decide if we need a bug to
back-port for 4.0.next.
Cheers,
Jeremy.
-------------- next part --------------
From f7a5c606d0daf5b9107b8fcf089681a74f85b87f Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 6 May 2013 14:10:15 -0700
Subject: [PATCH 1/2] Allow "store dos attributes" to override the other "map
XXX" parameters.
Makes us consistent with what is described in the man pages.
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/smbd/dosmode.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index b534626..04d27c7 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -354,10 +354,6 @@ static bool set_ea_dos_attribute(connection_struct *conn,
enum ndr_err_code ndr_err;
DATA_BLOB blob;
- if (!lp_store_dos_attributes(SNUM(conn))) {
- return False;
- }
-
ZERO_STRUCT(dosattrib);
ZERO_STRUCT(blob);
@@ -773,7 +769,14 @@ int file_set_dosmode(connection_struct *conn, struct smb_filename *smb_fname,
}
#endif
/* Store the DOS attributes in an EA by preference. */
- if (set_ea_dos_attribute(conn, smb_fname, dosmode)) {
+ if (lp_store_dos_attributes(SNUM(conn))) {
+ /*
+ * Don't fall back to using UNIX modes. Finally
+ * follow the smb.conf manpage.
+ */
+ if (!set_ea_dos_attribute(conn, smb_fname, dosmode)) {
+ return -1;
+ }
if (!newfile) {
notify_fname(conn, NOTIFY_ACTION_MODIFIED,
FILE_NOTIFY_CHANGE_ATTRIBUTES,
--
1.8.2.1
From e7e23c2dac50761013c6156bb6e21362a65e3338 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 6 May 2013 14:10:58 -0700
Subject: [PATCH 2/2] Fix up the man pages to explain that "store dos
attributes" overrides them.
Signed-off-by: Jeremy Allison <jra at samba.org>
---
docs-xml/smbdotconf/filename/maparchive.xml | 6 ++++++
docs-xml/smbdotconf/filename/maphidden.xml | 6 ++++++
docs-xml/smbdotconf/filename/mapreadonly.xml | 6 ++++++
docs-xml/smbdotconf/filename/mapsystem.xml | 6 ++++++
docs-xml/smbdotconf/filename/storedosattributes.xml | 4 ++--
5 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/docs-xml/smbdotconf/filename/maparchive.xml b/docs-xml/smbdotconf/filename/maparchive.xml
index ead72cf..33ff876 100644
--- a/docs-xml/smbdotconf/filename/maparchive.xml
+++ b/docs-xml/smbdotconf/filename/maparchive.xml
@@ -13,6 +13,12 @@
</para>
<para>
+ Note that this parameter will be ignored if the <smbconfoption name="store dos attributes"/>
+ parameter is set, as the DOS archive attribute will then be stored inside a UNIX extended
+ attribute.
+ </para>
+
+ <para>
Note that this requires the <smbconfoption name="create mask"/> parameter to be set such that owner
execute bit is not masked out (i.e. it must include 100). See the parameter
<smbconfoption name="create mask"/> for details.
diff --git a/docs-xml/smbdotconf/filename/maphidden.xml b/docs-xml/smbdotconf/filename/maphidden.xml
index 841c687..004f493 100644
--- a/docs-xml/smbdotconf/filename/maphidden.xml
+++ b/docs-xml/smbdotconf/filename/maphidden.xml
@@ -8,6 +8,12 @@
</para>
<para>
+ Note that this parameter will be ignored if the <smbconfoption name="store dos attributes"/>
+ parameter is set, as the DOS hidden attribute will then be stored inside a UNIX extended
+ attribute.
+ </para>
+
+ <para>
Note that this requires the <smbconfoption name="create mask"/> to be set such that the world execute
bit is not masked out (i.e. it must include 001). See the parameter <smbconfoption name="create mask"/>
for details.
diff --git a/docs-xml/smbdotconf/filename/mapreadonly.xml b/docs-xml/smbdotconf/filename/mapreadonly.xml
index 24a2c84..f4ac7c8 100644
--- a/docs-xml/smbdotconf/filename/mapreadonly.xml
+++ b/docs-xml/smbdotconf/filename/mapreadonly.xml
@@ -42,6 +42,12 @@
</para></listitem>
</itemizedlist>
+ <para>
+ Note that this parameter will be ignored if the <smbconfoption name="store dos attributes"/>
+ parameter is set, as the DOS 'read-only' attribute will then be stored inside a UNIX extended
+ attribute.
+ </para>
+
</description>
<value type="default">yes</value>
</samba:parameter>
diff --git a/docs-xml/smbdotconf/filename/mapsystem.xml b/docs-xml/smbdotconf/filename/mapsystem.xml
index 021602d..5605d88 100644
--- a/docs-xml/smbdotconf/filename/mapsystem.xml
+++ b/docs-xml/smbdotconf/filename/mapsystem.xml
@@ -7,6 +7,12 @@
This controls whether DOS style system files should be mapped to the UNIX group execute bit.
</para>
+ <para>
+ Note that this parameter will be ignored if the <smbconfoption name="store dos attributes"/>
+ parameter is set, as the DOS system attribute will then be stored inside a UNIX extended
+ attribute.
+ </para>
+
<para>
Note that this requires the <smbconfoption name="create mask"/> to be set such that the group
execute bit is not masked out (i.e. it must include 010). See the parameter
diff --git a/docs-xml/smbdotconf/filename/storedosattributes.xml b/docs-xml/smbdotconf/filename/storedosattributes.xml
index 621b4ac..acd78b0 100644
--- a/docs-xml/smbdotconf/filename/storedosattributes.xml
+++ b/docs-xml/smbdotconf/filename/storedosattributes.xml
@@ -8,9 +8,9 @@
READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such
as occurs with <smbconfoption name="map hidden"/> and <smbconfoption name="map readonly"/>). When set, DOS
attributes will be stored onto an extended attribute in the UNIX filesystem, associated with the file or
- directory. For no other mapping to occur as a fall-back, the parameters <smbconfoption name="map hidden"/>,
+ directory. When this parameter is set it will override the parameters <smbconfoption name="map hidden"/>,
<smbconfoption name="map system"/>, <smbconfoption name="map archive"/> and <smbconfoption name="map
- readonly"/> must be set to off. This parameter writes the DOS attributes as a string into the extended
+ readonly"/> and they will behave as if they were set to off. This parameter writes the DOS attributes as a string into the extended
attribute named "user.DOSATTRIB". This extended attribute is explicitly hidden from smbd clients requesting an
EA list. On Linux the filesystem must have been mounted with the mount option user_xattr in order for
extended attributes to work, also extended attributes must be compiled into the Linux kernel.
--
1.8.2.1
More information about the samba-technical
mailing list