honouring default_protection ace
COLLOT Jean-Yves
jean-yves.collot at cofiroute.fr
Mon Jan 9 10:54:01 GMT 2006
Hi.
I must admit that I don't clearly understand myself what is the use of some
parameters in the SMB.CONF file.
However, after having checked the code, I can say the following:
1. "create mask" and "create mode" are synonyms, so if you put both
parameters in the SMB.CONF file, only the last one will be effective.
2. The algorithm for setting protection to a created file is :
- if "inherit permissions" is set to true, then the file has the
same protection as the directory in which it is created
- if false, the protection of the file is set to an OR of "create
mask"/"create mode" and of "force create mode". Don't ask me why. I guess
that you may set the "force create mode" parameter at the global level, to
give a minimum access for all the shares, and choose different "create mode"
at the share level to give additional accesses on specific areas.
3. Anyway, because the file protection is fully determined as above, any
DEFAULT_PROTECTION ace on the directory has no effect.
4. You can add aces like "IDENTIFIER=...,OPTIONS=DEFAULT,ACCESS=..." on the
directory, and it will be effective.
5. I don't know what SAMBA_ALTERNATE_DIRECTORY_PROTECTION is. I don't see
any reference to that anywhere in the code.
I hope this will make it a little more clear.
JYC
-----Message d'origine-----
De : samba-vms-bounces+jean-yves.collot=cofiroute.fr at lists.samba.org
[mailto:samba-vms-bounces+jean-yves.collot=cofiroute.fr at lists.samba.org] De
la part de Tom Garcia
Envoyé : jeudi 5 janvier 2006 21:16
À : samba-vms at lists.samba.org
Objet : honouring default_protection ace
I am using Samba 2.2.8 from JYC, February 2005 build on VAX/VMS 7.3.
Adding a DEFAULT_PROTECTION ace for a directory, regardless of the setting
of SAMBA_ALTERNATE_DIRECTORY_PROTECTION, does not appear to have any effect
on new files created in that directory via samba.
"create mask" is 0777, as is "create mode" for the share (I have also tried
omitting the create mode entirely). Rather than the OR behaviour described
in the documentation for the unix version, it appears to simply apply the
"create mode" precisely.
Is this by design, or should I have configured something?
Thanks,
--
Tom Garcia | tgarcia at hivemind.org
PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:
http://www.catb.org/~esr/faqs/smart-questions.html
More information about the samba-vms
mailing list