[Samba] Samba 2.2x bits attributes mapped on Linux file permissions
Thierry Terrier
thierry.terrier at atolltech.fr
Tue May 20 10:11:39 GMT 2003
Hi,
I saw some mail and questions about that without an answer.
My personal experiment:
The archive, read-only and hidden attributes are mapped to the x bits of
file permission.
The attributes can't be used on directories because the x bits are used
by linux to descend in.
The own user can manage those bits without problem only on a file.
I can get the attribute management on a other user file going smoothly
only with the actor user defined
in the "admin users" section.
But with this configuration a file created with the user in the "admin
users" is owned by root and may be a security hole as defined in the man
of smb.conf:
"You should use this option very carefully, as any user in this list
will be able to do anything they like on the share, irrespective of file
permissions."
I don't know the direction of Samba 2.2x development.
But it seems to me that is possible the test write permission in the
share *before* to set/clear x bits with root access without let the user
always root. isn't it ?
the function who's setting attributes is in smbd/dosmode.c:unix_mode(...)
An another function called int file_chmod(...) seems to use this manner:
check write perms by CAN_WRITE(conn) then ecome_root();
conn->vfs_ops.fchmod(...); unbecome_root();
Best regards
More information about the samba
mailing list