[Samba] Anyone can create empty files (v 3.5.11)
Dan Carpenter
dan.carpenter at oracle.com
Sun Sep 25 11:29:24 MDT 2011

On Sat, Sep 24, 2011 at 05:04:50PM +0900, TAKAHASHI Motonobu wrote:
> From: Dan Carpenter <dan.carpenter at oracle.com>
> Date: Fri, 23 Sep 2011 09:38:56 +0300
>
> > I've mounted my cifs partition with a username and password and to
> > test whether I had my permissions right, I did:
> >
> > $ sudo su testuser
> > $ touch asdf
> > touch: cannot touch `asdf': Permission denied
> > $
> >
> > It says permission denied, but the `asdf' file is still created. I
> > can't write any data to it, but I can create empty files.
>
> How does "ls -l asdf"?
>

-rw-r--r-- 1 dcarpenter dcarpenter 0 Sep 19 09:45 asdf

> By default, the permission and owner for a created file is forcibly
> set on "root 644" because CIFS server (Windows server) essentially does
> not have semantics of permission. That sometimes causes an odd
> behavior that you have met.
>
> Try noperm option as mentioned:
> https://lists.samba.org/archive/samba/2011-September/163986.html
>

The noperm option means that the client doesn't do permission checks.
I enabled it, and that meant that anyone could write to the samba
share. That isn't what I wanted. I wanted only the one user to read
to be able to write files.

But it does show that I didn't understand Samba security before and I
was wrong to blame the server for this. It should be prevented on
the client side.

I'm still trying to figure it out. I'm using a 3.1-rc6 kernel on
the client. But it's probably a configuration problem.

regards,
dan carpenter