[Samba] Samba 2.2x bits attributes mapped on Linux file permissions

Thierry Terrier thierry.terrier at atolltech.fr
Tue May 20 10:11:39 GMT 2003

I saw some mail and questions about that without an answer.
My personal experiment:
The archive, read-only and hidden attributes are mapped to the x bits of 
file permission.
The attributes can't be used on directories because the x bits are used 
by linux to descend in.
The own user can manage those bits without problem only on a file.
I can get the attribute management on a other user file going smoothly 
only with the actor user defined

in the "admin users" section.
But with this configuration a file created with the user in the "admin 
users" is owned by root and may be a security hole as defined in the man 
of smb.conf:
"You should use this option very carefully, as any user in this list 
will be able to do anything they like on the share, irrespective of file 

I don't know the direction of Samba 2.2x development.
But it seems to me that is possible the test write permission in the 
share *before* to set/clear x bits with root access without let the user 
always root. isn't it ?

the function who's setting attributes is in smbd/dosmode.c:unix_mode(...)
An another function called   int file_chmod(...) seems to use this manner:
check write perms by CAN_WRITE(conn) then ecome_root(); 
conn->vfs_ops.fchmod(...); unbecome_root();

Best regards 

More information about the samba mailing list