[Samba] dos filemode (security concern)
Ralf Gross
Ralf-Lists at ralfgross.de
Fri Feb 29 11:34:10 GMT 2008
Jeremy Allison wrote:
> On Fri, Feb 29, 2008 at 11:26:48AM +0100, Ralf Gross wrote:
> > Ralf Gross wrote:
> > >
> > > I've a question about the 'dos filemode' option (samba 3.0.24, debian etch). I
> > > want to use this option to allow group members with write access to add/change
> > > permissions.
> > >
> > > man smb.conf:
> > >
> > > dos filemode (S)
> > > only the owner of a file/directory is able to change the permissions on it.
> > > However, this behavior is often confusing to DOS/Windows users. Enabling
> > > this parameter allows a user who has write access to the file (by whatever
> > > means) to modify the permissions (including ACL) on it. Note that a user
> > > belonging to the group owning the file will not be allowed to change
> > > permissions if the group is only granted read access. Ownership of the
> > > file/directory may also be changed.
> > >
> > >
> > > I am member of the group users, but I've no write access to the directory. So
> > > I'd think that I'm not allowed to add users or change permissions. But this is
> > > not true here.
> > [...]
> >
> > This starts to be a real problem here...
> >
> > The 'dos filemode' option is not working as described in the man page.
> > At least not for me.
> >
> > Following the man page, a user with write permissions should be able to
> > change permission. But that's not what I observe here.
> >
> > - the owning group is always able to change the permissions, even if I
> > remove all permissions for this group (group::---).
> >
> > - other users with write access are not allowed to change permissions
> > (either with direct rwx permissions or as member of a group with rwx
> > perms)
>
> The docs are confusing here. For permission control,
> the semantics of the "acl group control" are being
> replaced by "dos filemode". The docs for "acl group control"
> state :
>
> In a POSIX filesystem, only the owner of a file or directory and the superuser
> can modify the permissions and ACLs on a file. If this parameter is set, then
> Samba overrides this restriction, and also allows the primary group owner of a
> file or directory to modify the permissions and ACLs on that file.
>
> which is what you are seeing.
>
> The internal code is :
> [snip]
> What we should do I think is add the text from "acl group control" to
> the "dos filemode" text.

Thanks for your response. Btw, there is also an open bug report about
this: https://bugzilla.samba.org/show_bug.cgi?id=5255

So the behavior of the 'dos filemode' option and the 'acl group
control' are mixed at the moment?

I think the description of the 'dos filemode' option in the man page
is completely wrong...

dos filemode (S)
The default behavior in Samba is to provide UNIX-like behavior
where only the owner of a file/directory is able to change the
permissions on it. However, this behavior is often confusing to
DOS/Windows users. Enabling this parameter allows a user who has
write access to the file (by whatever means) to modify the
permissions (including ACL) on it. Note that a user belonging to
the group owning the file will not be allowed to change
permissions if the group is only granted read access. Ownership of
the file/directory may also be changed.

...because the owning group is always able to change permissions,
regardless of whether it has write access to a file or not. And other users
never get the right to change permissions, even if they have write
access.

Ralf
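
Added example, not part of the original post and not Samba code: a small audit for a share that has 'dos filemode' enabled, listing entries whose owning group has no write bit. Per the thread, those are the entries where the owning group could still change permissions even though the man page says it could not. The function name and the share path argument are assumptions for illustration.

```python
import os
import stat
import sys
from collections import defaultdict


def group_unwritable_paths(root):
    """Return {gid: [paths]} for entries under root whose owning group
    lacks the write bit.

    Per the thread, with 'dos filemode' set the owning group could still
    change permissions on these entries, so each gid listed here has more
    control over the listed paths than the mode bits suggest.
    """
    findings = defaultdict(list)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            # Caveat: on entries with extended POSIX ACLs the group bits in
            # st_mode show the ACL mask, not the group:: entry, so this check
            # can miss such entries; inspect those with getfacl instead.
            if not st.st_mode & stat.S_IWGRP:
                findings[st.st_gid].append(path)
    return {gid: sorted(paths) for gid, paths in findings.items()}


if __name__ == "__main__":
    # Share root to audit; defaults to the current directory (assumption).
    share_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for gid, paths in sorted(group_unwritable_paths(share_root).items()):
        print(f"gid {gid}: {len(paths)} entries without group write access")
        for p in paths:
            print(f"  {p}")
```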