[Samba] Anyone can create empty files (v 3.5.11)

Dan Carpenter dan.carpenter at oracle.com
Fri Sep 23 00:38:56 MDT 2011

I've mounted my cifs partition with a username and password and to
test whether I had my permissions right, I did:

$ sudo su testuser
$ touch asdf
touch: cannot touch `asdf': Permission denied

It says permission denied, but the `asdf' file is still created.  I
can't write any data to it, but I can create empty files.

This is because in smbd/open.c, if the file doesn't exist and the O_CREAT
flag is set then it lets you open the file without checking

Or am I doing something wrong?  I'm using Debian testing (wheezy).

dan carpenter
