security hole in 2.0.0 ???

David S. Chappell David.Chappell at mail.trincoll.edu
Tue Jan 19 16:54:26 GMT 1999


>I just upgraded to the final release 2.0.0 and got some problems.
>
>In the [homes]-section I have to set "writable = Yes" in order to get
>write access to my home-directory. Unfortunately this allows me to
>delete a file that was created originally by root. But this is not
>actually what I want. In 1.9.18p10 the unix file permissions were at the
>top level and I couldn't do such things.

This sounds normal.  You have write access to your own directory, so you may delete anything you want from it, including files to which you do not have write access.  However you may modify a file created by root only if root gave you write access to that file.  Try it at the shell prompt.

I think you are right when you say this is different from earlier versions.  In Samba 2.0.0 the option "alternate permissions" is always on.  Under this scheme, a file is reported to the client as read-only only if its owner can't write it.  Under the previous scheme it is reported as read-only if the current user can't write it.  I suspect that your client was declining to try to delete the file because Samba was reporting that it had the MS-DOS read-only bit set.

The new permissions mode, formerly called "alternate permissions", brings Samba much closer to NT behavior.  It also looks like it brings Samba closer to normal Unix behavior.


=========================================================================
David Chappell                         David.Chappell at Mail.Trincoll.Edu
Computing Center                       PostMaster at Mail.Trincoll.Edu
Trinity College                        (860)297-2114
Hartford, Connecticut  06106
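
The two read-only mappings and the Unix delete rule described in the message above, as an added example that is not part of the original post and is not Samba's code. The function names, uids and modes are constructed for illustration, and the model ignores root, ACLs and the sticky bit.

```python
import os
import stat
import tempfile

def class_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return the rwx bits (0-7) of the permission class that applies to uid."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def readonly_previous(mode, owner_uid, owner_gid, uid, gids):
    """Previous scheme: read-only bit set if the *current user* cannot write."""
    return not (class_bits(mode, owner_uid, owner_gid, uid, gids) & 2)

def readonly_alternate(mode):
    """'alternate permissions': read-only bit set only if the *owner* cannot write."""
    return not (mode & stat.S_IWUSR)

def can_delete(dir_mode, dir_uid, dir_gid, uid, gids):
    """unlink() needs write+search on the directory; the file's mode is not consulted."""
    return (class_bits(dir_mode, dir_uid, dir_gid, uid, gids) & 3) == 3

def delete_unwritable_file():
    """Real filesystem check: remove a mode-0444 file from a writable directory."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "report.txt")
        with open(path, "w") as f:
            f.write("constructed sample\n")
        os.chmod(path, 0o444)          # no write bit for anyone
        os.unlink(path)                # succeeds: the directory is writable
        return not os.path.exists(path)

# Constructed scenario: root-owned 0644 file inside a home directory (0755)
# owned by uid 1000, accessed by uid 1000.
USER_UID, USER_GIDS = 1000, {1000}
FILE = dict(mode=0o644, owner_uid=0, owner_gid=0)
HOME = dict(dir_mode=0o755, dir_uid=1000, dir_gid=1000)

if __name__ == "__main__":
    print("previous scheme reports read-only:",
          readonly_previous(uid=USER_UID, gids=USER_GIDS, **FILE))
    print("alternate scheme reports read-only:", readonly_alternate(FILE["mode"]))
    print("Unix allows delete:", can_delete(uid=USER_UID, gids=USER_GIDS, **HOME))
    print("0444 file removed from writable dir:", delete_unwritable_file())
```

To keep users from removing files they do not own inside a share, restrict write permission on the directory itself; the file's own mode does not prevent deletion.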