[PATCHESv2] Add vfs_admin vfs module
Jeremy Allison
jra at samba.org
Tue Oct 6 15:41:12 UTC 2015
On Tue, Oct 06, 2015 at 08:36:34AM -0700, Jeremy Allison wrote:
>
> For directories, the only "safe" POSIX way to do this as
> root is :
>
> a). mkdir(name)
> b). fd = open(name, O_RDONLY);
> c). fstat(fd);
> d). Ensure owner/primary group match current POSIX
> creds.
> e). fchown(fd, newcreds);
>
> That's not race-free, but at least it can detect
> any races.
Correction ! That should be:
a). mkdir(name)
a1). chdir(name);
b). fd = open(".", O_RDONLY);
c). fstat(fd);
d). Ensure owner/primary group match current POSIX
creds.
e). fchown(fd, newcreds);
This stuff is tricky :-).
More information about the samba-technical
mailing list