SMB3 POSIX and deleting files with FILE_ATTRIBUTE_READONLY
Steve French
smfrench at gmail.com
Wed Apr 9 18:43:21 UTC 2025
On Wed, Apr 9, 2025 at 1:18 PM Ralph Boehme <slow at samba.org> wrote:
>
> Hi folks,
>
> what should be the behavior with SMB3 POSIX when a POSIX client tries to
> delete a file that has FILE_ATTRIBUTE_READONLY set?
>
> The major question that we must answer is, if this we would want to
> allow for POSIX clients to ignore this in some way: either completely
> ignore it on POSIX handles or first check if the handle has requested
> and been granted WRITE_ATTRIBUTES access.
I agree that to delete a file with READ_ONLY set should by default require
WRITE_ATTRIBUTES (and delete) permission (better to be safe
in restricting a potential dangerous operation).
But this is a good question ...
> Checking WRITE_ATTRIBUTES first means we would correctly honor
> permissions and the client could have removed FILE_ATTRIBUTE_READONLY
> anyway to then remove the file.
>
> Windows has some new bits FILE_DISPOSITION_IGNORE_READONLY_ATTRIBUTE to
> handle this locally (!) and it seems to be doing it without checking
> WRITE_ATTRIBUTES on the server.
>
> <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/2e860264-018a-47b3-8555-565a13b35a45>
>
> Thoughts?
--
Thanks,
Steve
More information about the samba-technical
mailing list