[Samba] File permissions and Unix umask.

Gerry Marthe gmarthe at lateralplains.com
Thu Oct 9 02:21:59 GMT 2008


Yes Jeremy, it seems that I can make the CIFS client violate the
"forced" settings on the Samba server.

Specific example:

/* As root, issue the following mount command from client. */

mount.cifs //10.0.1.5/common /mnt/smb -o
rw,uid=500,user=abdv29,password=*******

/* Switch user to "abdv29" */
su - abdv29

/* Change directory to where the CIFS filesystem is mounted. */

cd /mnt/smb

/* Set umask */
umask 0022

/* Create a couple of files using "touch" and "echo". */

touch f1
echo  "xx" >f2

/* 	On a local EXT3 filesystem, I would expect the two files 
	created above to each have the following symbolic permission:
	"rw-r--r--" and this is indeed so.
	On the CIFS mount, I would expect the "force create mode" to
	override the umask in both cases, giving symbolic permission of:
	"rw-rw-r--"
	This is so only for the file named "f2" created with 
	"/bin/echo".  The file created with "/bin/touch" has symbolic
	permissions of: "rw-r--r--" indicating that the client has
	violated the Server "force" settings.
*/

I have verified this happens with the following Samba versions:

1) Samba server version 3.0.28 running on RHEL-5
   Samba client version 3.2.3 running on Fedora 9.
   "mount.cifs -V" does not show version number, just display usage
   message.

2) Samba server version 3.2.3 running on Fedora 9.
   Samba client version 3.0.28 running on RHEL-5.
   "mount.cifs -V" show version 1.0

Let me know if you need more information.

Gerry.



On Wed, 2008-10-08 at 17:24 -0700, Jeremy Allison wrote:
> On Thu, Oct 09, 2008 at 11:18:49AM +1100, Gerry Marthe wrote:
> > Hi Jeremy,
> > 
> > Thanks - that does make sense.
> > Can you tell me then why "/bin/touch" appears immune to the Samba
> > settings?
> 
> If you can make the CIFS client violate the
> "forced" settings on the Samba server that's
> a server bug and I'll fix it.
> 
> Can you give me a specific example of this
> happening (with Samba and CIFSFS version numbers
> please) ?
> 
> Jeremy.
> 
> 
> ------------------------------------------------------------ 
> 
> This message has been scanned for viruses and dangerous content 
> by MailScanner and is believed to be clean.
> 



------------------------------------------------------------ 

This message has been scanned for viruses and dangerous content 
by MailScanner and is believed to be clean.



More information about the samba mailing list