security hole in 2.0.0 ???

Florian G. Pflug fgp at
Mon Jan 18 17:41:54 GMT 1999

On Mon, Jan 18, 1999 at 09:41:14PM +1100, Stephan Hendl wrote:
> hi anybody,
> I just upgraded to the final release 2.0.0 and got some problems.
> I the [homes]-section I have to set "writable = Yes" in order to get
> write access to my home-directory. Unfortunately this allows me to
> delete a file that was created originally by root. But this is not
> actually what I want. In 1.9.18p10 the unix file permissions were at the
> top level and I couldn't do such things.
> Any ideas?

Debian GNU/Linux sets the sugid bit of /home/<user> by default. This makes
every new created file by default onwed by the owner of the directory, which
is <user>. S, if let´s say root does "touch /home/<user>/test, the file
test is owned by the user <user> although root created the file - maybe
that´s your problem?

                                     Greetings, Florian Pflug

More information about the samba mailing list