directory mode + force directory mode = ???

Chris Watt cnww at chebucto.ns.ca
Sun Apr 23 21:51:35 GMT 2000 

At 06:36 PM 4/23/00 +1000, Edward Schernau wrote:
>Can anyone give a brief, english synopsis of how this
>works?   I must be missing something obvious, or maybe
>there IS a need to have 2 similarly labelled config options.
>Or maybe I'm lost in the goldbergian method that this applies
>permissions (take the real perms, bitwise OR them with the
>mask, then apply all the permissions NOT given, etc. etc.)

There are three stages in determining a directory's UNIX file permissions.
First Samba translates the directory's DOS attributes into the nearest UNIX
equivalent, then extra permission bits are REMOVED by performing a bitwise
AND of that permission set with the value of the "directory mode" or
"directory mask" option. It is then possible to ADD additional permissions
bits with the "force directory mode" which is bitwise OR'd with the result.
In bitwise  boolean algebra the permission set on a directory (as I
understand it) is:

( "DOS Permissions" && "Directory Mode" ) || "Force Directory Mode"

For example, lets say we wanted a permission set that would accept all
directories, make them read/write only to the owner, and make SURE they
were writable by the owner, even if the DOS permission said read-only (not
sure it's possible to set read-only on a dir, but you get the idea). We
would then use

directory mode = 700; Removes all "group" and "other" permissions
force directory mode = 200; Makes sure that the owner write bit is set.

If we actually had a read only directory, this would then amount to the
following bitwise boolean expression:
(We assume that the DOS permissions would be translated as 555)

( 101 101 101 && 111 000 000 ) || 010 000 000
= 101 000 000 || 010 000 000
= 111 000 000

In short, any permission bit which IS NOT set in "Directory Mode" is
removed (unless overridden by "force directory mode") which is good for
getting rid of group and other write bits (for example) and any permission
bit which IS set in "force directory mode" will be set in the final
permission.
Anybody want to correct this explanation?
--

Who is this General Failure, and why is he reading my hard disk?

More information about the samba mailing list