[PATCH] Override 'map XXXX' parameters when 'store dos attributes' is set.

Andrew Bartlett abartlet at samba.org
Mon May 6 15:33:58 MDT 2013 

On Mon, 2013-05-06 at 14:24 -0700, Jeremy Allison wrote:
> On Mon, May 06, 2013 at 09:32:43PM +1200, Andrew Bartlett wrote:
> > The manpage for 'map readonly' confidently states (even with an
> > underline) that:
> > 
> > 
> > If store dos attributes is set to yes then this parameter is ignored
> > 
> > However, it (as far as I read the code) has never been the case.  
> > 
> > This comes up because on NFSv4 systems, as discussed in the thread
> > regarding the ACL patches, the owner of a file often has 0 permissions
> > (due to there being no @owner acl), and so has the dos readonly flag
> > set.  This is a pain, as things on windows respect this flag.
> > 
> > To work around this, many platforms with ACLs also set 'store dos
> > attributes = true', which makes a lot of sense (as we don't want to be
> > messing with permission bits, that would break ACLs badly).  A trusting
> > user might even dare to trust the we behave as the man-page indicates. 
> > 
> > I would like to know if we should change the code to match the manpage,
> > or change the manpage to match the code (drop this sentence).
> > 
> > Or if we should make invoking an NFSv4 ACL module force an override here
> > of some kind (I dislike vfs modules changing smb.conf values however).
> > 
> > The full paragraph from man smb.conf is:
> > 
> > 
> >            This parameter can take three different values, which tell
> > smbd(8) how to display the read only attribute on files,
> >            where either store dos attributes is set to No, or no
> > extended attribute is present. If store dos attributes is set to
> >            yes then this parameter is ignored. This is a new parameter
> > introduced in Samba version 3.0.21.
> 
> Here's a patch for master that fixes the code to match the docs
> (and also tidies up the docs).
> 
> Please review and push if you approve.
> 
> If it goes into master we can decide if we need a bug to
> back-port for 4.0.next.

Thanks, these are in autobuild.  I think this is the right approach, as
while dos attributes are important, I don't think the migration case
(where the fallback would help) is important enough compared with having
a clear distinction between if we are using attributes or permissions. 

I also just don't think these are used very much any more, and in the
increasingly complex world of permissions, I'm glad to see the
overloading of this gone. 

The question of 4.0 is interesting, because it is a behaviour change,
but there is always a good case for behaving as documented. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list