[Samba] User can't access a share that he has full control of
Jeremy Allison
jra at samba.org
Mon Aug 21 17:22:59 GMT 2006
On Mon, Aug 21, 2006 at 10:14:02AM -0700, Ephi Dror wrote:
> Hi all,
>
> I have noticed that if you create a share to path lets say
> \\dir1\dir2\dir3
> And a user lets say u1 has full control on dir3 BUT no control at all on
> dir2 then user u1 cannot access the share.
What do you mean by "no control" ? Do you mean "rwx" are set to "---" ?
If so, then yes this would be expected.
> We have a situation with clients who typically do the following:
> Create a share to the root of the file system and give only to
> administrator full control on for the root path then he creates folders
> and apply ACLs to them and then creates shares to map those folders
> directly.
> Of course, users can access those folders since they don't have search
> right on the entire path.
Looks like the Windows admins have left the by default "don't check
traversal permissions" set for all users. Windows does this by
default, POSIX doesn't.
> Was it done by purposes?
It's a POSIX difference.
> I quickly modified vfs.c and vfs-wraper .c to change to root before stat
> or chdir is done and then change back to the original vuid and things
> started to work.
> Basically, now it works exactly as windows behaving.
ie. It's ignoring traversal rights.
> Meaning a user can access a share that he has rights to, even that the
> user has no access to all folders leading to that.
I don't want to add this right to Samba. Is there some
reason they can't add the 'x' bit to the top level path ?
Jeremy.
More information about the samba
mailing list