[Samba] Re: Read-only and POSIX ACLs
Tom Schaefer
tom at umsl.edu
Fri May 13 14:15:03 GMT 2005
Yes Jeremy,
I think that would be a good thing.
To the best of my knowledge, other than the particular situation we are
discussing, a user connected to a writeable share via Samba always has the
exact same ability to operate on files as if they where logged into the
box via a UNIX shell. That is how I as an admin have come to expect it to
operate and how I want it to operate.
Now obviously parameters such as force group and so forth are going to
change what a user can do but by default I'm saying the user should always
have the same ablity via Samba as if using a shell.
Incidentally, the situation you are talking about arises even if you take
ACL's completely out of the picture and have write access via the file's
standard group permissions if the owner doesn't have write. If you do
change Samba to remedy the ACL situation I'd hope you remedy it in this
case too.
As far as an option to enable the current behaviour, sheesh I can't
decide. How many admins would you guess are using the current behaviour
as a feature? I'd guess very few if any. On the other hand, now
that I know about this current oddity of Samba behaviour it almost seems
like something I myself could potentially make use of as a feature.
In summary my votes are:
Make the change? yes
Option to allow current behaviour? no opinion
Tom Schaefer
On Tue, 10 May 2005 12:25:49 -0700
Jeremy Allison <jra at samba.org> wrote:
> Hi all,
>
> I can make a simple change to smbd for the next stable
> release that will cause POSIX ACLs to be checked before returning
> the DOS mode of a file is "read-only". This will fix the case
> that people are complaining about where a POSIX ACL allows write
> access to a file but the standard owner "w" bit is missing (smbd
> currently returns DOS read-only for that case if the DOS attributes
> are not being stored in EA's).
>
> The question is, shall I make that change and if so should I have
> a fallback parameter to turn off the behaviour if people require
> it ?
>
> Comments please (btw: I have to be out in the UK all this week
> but will try and work on things intermittently).
>
> Jeremy.
>
More information about the samba
mailing list