[Samba] User can't access a share that he has full control of

Jeremy Allison jra at samba.org
Mon Aug 21 17:22:59 GMT 2006

On Mon, Aug 21, 2006 at 10:14:02AM -0700, Ephi Dror wrote:
> Hi all,
> I have noticed that if you create a share to  path lets say
> \\dir1\dir2\dir3
> And a user lets say u1 has full control on dir3 BUT no control at all on
> dir2 then user u1 cannot access the share.

What do you mean by "no control" ? Do you mean "rwx" are set to "---" ?
If so, then yes this would be expected.

> We have a situation with clients who typically do the following:
> Create a share to the root of the file system and  give only to
> administrator full control on  for the root path then he creates folders
> and apply ACLs to them and then creates shares to map those folders
> directly.
> Of course, users can access those folders since they don't have search
> right on the entire path.

Looks like the Windows admins have left the by default "don't check
traversal permissions" set for all users. Windows does this by
default, POSIX doesn't.

> Was it done by purposes?

It's a POSIX difference.

> I quickly modified vfs.c and vfs-wraper .c to change to root before stat
> or chdir is done and then change back to the original vuid and things
> started to work.
> Basically, now it works exactly as windows behaving.

ie. It's ignoring traversal rights.

> Meaning a user can access a share that he has rights  to,  even that the
> user has no access to all folders leading to that.

I don't want to add this right to Samba. Is there some
reason they can't add the 'x' bit to the top level path ?


More information about the samba mailing list