[Samba] dos filemode (security concern)
jra at samba.org
Fri Feb 29 11:17:54 GMT 2008
On Fri, Feb 29, 2008 at 11:26:48AM +0100, Ralf Gross wrote:
> Ralf Gross schrieb:
> > I've a question about the 'dos filemode' option (samba 3.0.24, debian etch). I
> > want to use this option to allow group members with write access to add/change
> > permissions.
> > man smb.conf:
> > dos filemode (S)
> > only the owner of a file/directory is able to change the permissions on it.
> > However, this behavior is often confusing to DOS/Windows users. Enabling
> > this parameter allows a user who has write access to the file (by whatever
> > means) to modify the permissions (including ACL) on it. Note that a user
> > belonging to the group owning the file will not be allowed to change
> > permissions if the group is only granted read access. Ownership of the
> > file/directory may also be changed.
> > I am member of the group users, but I've no write access to the directory. So
> > I'd think that I'm not allowed to add users or change permissions. But this is
> > not true here.
> This starts to be a real problem here...
> The 'dos filemode' option is not working as described in the man page.
> At least not for me.
> Following the man page, a user with write permissions should be able to
> change permissions. But that's not what I observe here.
> - the owning group is always able to change the permissions, even if I
> remove all permissions for this group (group::---).
> - other users with write access are not allowed to change permissions
> (either with direct rwx permissions or as member of a group with rwx
The docs are confusing here. For permission control,
the semantics of the "acl group control" are being
replaced by "dos filemode". The docs for "acl group control"
In a POSIX filesystem, only the owner of a file or directory and the superuser
can modify the permissions and ACLs on a file. If this parameter is set, then
Samba overrides this restriction, and also allows the primary group owner of a
file or directory to modify the permissions and ACLs on that file.
which is what you are seeing.
The internal code is:
static BOOL acl_group_override(connection_struct *conn, gid_t prim_gid)
        if ( (errno == EACCES || errno == EPERM)
                && (lp_acl_group_control(SNUM(conn)) || lp_dos_filemode(SNUM(conn)))
What we should do I think is add the text from "acl group control" to
the "dos filemode" text.
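The following is an added model of the override decision discussed in this thread; it is not Samba's code and not part of the original message. It assumes, as the prim_gid parameter and the "acl group control" text imply but the quoted fragment does not show, that the override also requires the caller to be a member of the file's primary group. The users, gids and modes are constructed for illustration. It reproduces what Ralf observed: a member of the owning group gets the override regardless of the group's rwx bits, while a user whose write access comes from some other group or from the other/world bits does not.

```python
"""Model of Samba 3.0.x acl_group_override() semantics (added illustration,
not Samba's own code). Assumption: the override requires membership in the
file's primary group, which the quoted fragment elides."""
import errno
from dataclasses import dataclass, field


@dataclass
class FileMeta:
    owner_uid: int
    group_gid: int
    mode: int          # POSIX mode bits, e.g. 0o600 for group::---


@dataclass
class User:
    uid: int
    gid: int                                   # primary group
    supplementary: set = field(default_factory=set)

    def in_group(self, gid):
        return gid == self.gid or gid in self.supplementary


def posix_chmod(user, f):
    """Plain POSIX rule: only the owner or root may change mode/ACL.
    Returns 0 on success or the errno the kernel would report."""
    if user.uid == 0 or user.uid == f.owner_uid:
        return 0
    return errno.EPERM


def acl_group_override(err, user, f, acl_group_control, dos_filemode):
    """Mirror of the fragment quoted above plus the assumed group check.
    Note that the file's mode bits play no part: write access is not
    consulted, only membership in the primary group."""
    return (err in (errno.EACCES, errno.EPERM)
            and (acl_group_control or dos_filemode)
            and user.in_group(f.group_gid))


def samba_can_change_perms(user, f, *, acl_group_control=False,
                           dos_filemode=False):
    """First try the POSIX change; on EACCES/EPERM, apply the override."""
    err = posix_chmod(user, f)
    if err == 0:
        return True
    return acl_group_override(err, user, f, acl_group_control, dos_filemode)


# Constructed scenario: directory owned by uid 1000, group 'users' (gid 100),
# with all group permissions removed (group::---), as in the report.
SHARED_DIR = FileMeta(owner_uid=1000, group_gid=100, mode=0o700)
OWNER = User(uid=1000, gid=100)
GROUP_MEMBER = User(uid=1001, gid=100)               # in 'users', no rwx
OTHER_WRITER = User(uid=1002, gid=200, supplementary={300})  # not in 'users'

if __name__ == "__main__":
    for name, u in [("owner", OWNER), ("group member", GROUP_MEMBER),
                    ("other writer", OTHER_WRITER)]:
        print(name, "default:",
              samba_can_change_perms(u, SHARED_DIR),
              "dos filemode = yes:",
              samba_can_change_perms(u, SHARED_DIR, dos_filemode=True))
```

Running it shows the group member gaining permission-change rights under "dos filemode = yes" even with group::---, and the unrelated writer never gaining them, which matches the behaviour the man page text fails to describe.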