[Samba] UNIX/SAMBA file permission interaction

Michael Heironimus mkh01 at earthlink.net
Sat Jan 18 12:44:01 GMT 2003


On Sat, Jan 18, 2003 at 10:44:35PM +1100, David Beards wrote:
> Without the sticky bit set on a folder that has rwx set for ogw a file
> can be deleted from within this folder (using Windows Explorer)
> regardless of whether you are the owner or part of the group that this
> file belongs to. (as long as rw is set for the owner) If you use an
> application to modify this same file the application behaves as expected
> and prohibits you from modifying the file.
> 
> If you set the sticky bit on the folder, Windows Explorer then behaves
> as it should (as does the application), and if you are not the owner or
> part of the group that the file belongs to you cannot delete the file.
> 
> I'm sorry, I must be missing something as this does not make sense.
> Surely I would have expected SAMBA to adhere to the UNIX permissions
> without the sticky bit being set on the folder.

Samba is adhering to the UNIX permissions; that's how directory
permissions work. rw on the directory means that you (everyone, in your
case) can add/remove directory entries. Deleting a file is nothing more
than removing a directory entry, so you can do it because you're
modifying the directory and not the file. Setting the sticky bit on a
directory changes this behavior to only allow the owner of the file and
the owner of the directory to delete the file.

If you're curious, the sticky bit used to have another meaning (which is
where the name came from). I'm not clear on the details, but it had
something to do with keeping an executable's code segment in memory even
if there wasn't an instance running. I'm not sure if any current variety
of UNIX still implements that behavior, but I think most/all of them do
support sticky bits on directories (it's particularly important for /tmp
and /var/tmp).

-- 
Michael Heironimus
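
The rule described in the reply above, as an added example that is not part of the original post or of Samba's code: a small Python model of the UNIX unlink check, run against a constructed directory in mode 0777 and then 1777. The uid offset, the file name `report.txt` and the helper names are assumptions made for the illustration; root and POSIX ACLs are not modelled.

```python
import os
import stat
import tempfile


def class_bits(st, uid, gids):
    """Return the rwx bits (0-7) that apply to uid/gids for this inode."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def can_delete(dir_path, name, uid, gids=()):
    """Model the UNIX unlink check for a non-root uid (ACLs not considered)."""
    d = os.stat(dir_path)
    f = os.lstat(os.path.join(dir_path, name))
    # Removing an entry needs write + search (w and x) on the directory;
    # the file's own mode bits are never consulted.
    if class_bits(d, uid, gids) & 3 != 3:
        return False
    # Sticky directory: only the file's owner or the directory's owner may unlink.
    if d.st_mode & stat.S_ISVTX:
        return uid in (f.st_uid, d.st_uid)
    return True


def demo():
    """Build a constructed share directory and compare 0777 with 1777."""
    me = os.getuid()
    other = me + 1000          # constructed uid that owns nothing here
    results = {}
    with tempfile.TemporaryDirectory() as root:
        share = os.path.join(root, "share")
        os.mkdir(share)
        with open(os.path.join(share, "report.txt"), "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(os.path.join(share, "report.txt"), 0o600)
        for mode in (0o777, 0o1777):
            os.chmod(share, mode)
            results[mode] = (can_delete(share, "report.txt", me),
                             can_delete(share, "report.txt", other))
    return results


if __name__ == "__main__":
    for mode, (owner_ok, other_ok) in demo().items():
        print(f"{mode:04o}: owner={owner_ok} other={other_ok}")
```

The file is mode 0600 throughout, yet the non-owner can still remove it from the 0777 directory; only the sticky bit on the directory changes the answer.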


