[Samba] UNIX/SAMBA file permission interaction

David Beards d.beards at cfa.vic.gov.au
Sat Jan 18 23:40:01 GMT 2003


Thanks Michael,

After receiving this it prompted me to try something different, this
time on the UNIX level. For some reason I was under the belief that
regardless of the directory permissions the file permissions stood, i.e.
if I had a file with permission 644 and I was not the owner then I would
not be permitted to delete it. However, having tried it, I find that
Solaris prompts me if I wish to overwrite the default protection. I then
tried editing the file and got back the result permission denied.

Thanks for the push in the right direction. I've been dealing with Unix
for around 10 years now and I've just been shown I still don't really
understand how it is working....

Once again thanks. (And hopefully these emails will help others
understand how it works.)

David

Michael Heironimus wrote:
> 
> On Sat, Jan 18, 2003 at 10:44:35PM +1100, David Beards wrote:
> > Without the sticky bit set on a folder that has rwx set for ogw a file
> > can be deleted from within this folder (using Windows Explorer)
> > regardless of whether you are the owner or part of the group that this
> > file belongs to (as long as rw is set for the owner). If you use an
> > application to modify this same file the application behaves as expected
> > and prohibits you from modifying the file.
> >
> > If you set the sticky bit on the folder, Windows Explorer then behaves
> > as it should (as does the application), and if you are not the owner or
> > part of the group that the file belongs to, you cannot delete the file.
> >
> > I'm sorry, I must be missing something as this does not make sense.
> > Surely I would have expected SAMBA to adhere to the UNIX permissions
> > without the sticky bit being set on the folder.
> 
> Samba is adhering to the UNIX permissions; that's how directory
> permissions work. rw on the directory means that you (everyone, in your
> case) can add/remove directory entries. Deleting a file is nothing more
> than removing a directory entry, so you can do it because you're
> modifying the directory and not the file. Setting the sticky bit on a
> directory changes this behavior to only allow the owner of the file and
> the owner of the directory to delete the file.
> 
> If you're curious, the sticky bit used to have another meaning (which is
> where the name came from). I'm not clear on the details, but it had
> something to do with keeping an executable's code segment in memory even
> if there wasn't an instance running. I'm not sure if any current variety
> of UNIX still implements that behavior, but I think most/all of them do
> support sticky bits on directories (it's particularly important for /tmp
> and /var/tmp).
> 
> --
> Michael Heironimus

-- 
David Beards
Technical Manager Networks and Systems
CFA
8 Lakeside Drive
Burwood East 3151

Ph: 9262 8204
Mobile: 0419 519 366
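
Added example (not part of the original thread): a Python model of the rule Michael describes, where deleting a file needs write and search permission on the directory, and the sticky bit narrows that to the file's owner and the directory's owner. The Node tuple, the function names and the sample uids, gids and modes are constructed for illustration; ACLs and platform-specific exceptions are not modelled.

```python
import os
import stat
from collections import namedtuple

# The three stat fields the classic permission check reads.
Node = namedtuple("Node", "mode uid gid")

def node_from_path(path):
    """Build a Node from a real path, e.g. a share directory to audit."""
    st = os.lstat(path)
    return Node(st.st_mode, st.st_uid, st.st_gid)

def _allowed(node, uid, gids, want):
    """Select the owner, group or other bits, then test them against want."""
    if uid == 0:
        return True                      # simplification: root always passes
    if uid == node.uid:
        bits = node.mode >> 6
    elif node.gid in gids:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return (bits & want) == want

def may_write(file, uid, gids):
    return _allowed(file, uid, gids, 0o2)

def may_delete(directory, file, uid, gids):
    # Removing a name edits the directory, so w+x on the directory is what counts.
    if not _allowed(directory, uid, gids, 0o3):
        return False
    # Sticky directory: only the file owner or the directory owner may delete.
    if directory.mode & stat.S_ISVTX and uid != 0:
        return uid in (file.uid, directory.uid)
    return True

def deletable_but_not_writable(directory, files, uid, gids):
    """Names the user can remove from the directory yet cannot modify."""
    return sorted(name for name, f in files.items()
                  if may_delete(directory, f, uid, gids)
                  and not may_write(f, uid, gids))

# Constructed sample: directory owned by uid 1000, file owned by uid 1001,
# checked for an unrelated user (uid 1002, gid 300).
OPEN_DIR = Node(stat.S_IFDIR | 0o777, 1000, 100)
STICKY_DIR = Node(stat.S_IFDIR | 0o1777, 1000, 100)
FILES = {"report.doc": Node(stat.S_IFREG | 0o644, 1001, 200)}

if __name__ == "__main__":
    print(deletable_but_not_writable(OPEN_DIR, FILES, 1002, {300}))
    print(deletable_but_not_writable(STICKY_DIR, FILES, 1002, {300}))
```

Feeding node_from_path() results for a shared directory and its entries into deletable_but_not_writable() lists the files a given user could remove despite having no write access to them.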



