[Samba] Anyone can create empty files (v 3.5.11)

Dan Carpenter dan.carpenter at oracle.com
Sun Sep 25 11:29:24 MDT 2011

On Sat, Sep 24, 2011 at 05:04:50PM +0900, TAKAHASHI Motonobu wrote:
> From: Dan Carpenter <dan.carpenter at oracle.com>
> Date: Fri, 23 Sep 2011 09:38:56 +0300
> > I've mounted my cifs partition with a username and password and to
> > test whether I had my permissions right, I did:
> > 
> > $ sudo su testuser
> > $ touch asdf
> > touch: cannot touch `asdf': Permission denied
> > $
> > 
> > It says permission denied, but the `asdf' file is still created.  I
> > can't write any data to it, but I can create empty files.
> What does "ls -l asdf" show?

-rw-r--r-- 1 dcarpenter dcarpenter 0 Sep 19 09:45 asdf

> By default, the permission and owner for a created file is forcibly
> set on "root 644" because CIFS server (Windows server) essentially does
> not have semantics of permission. That sometimes causes an odd
> behavior that you have met.
> Try noperm option as mentioned:
>   https://lists.samba.org/archive/samba/2011-September/163986.html

The noperm option means that the client doesn't do permission checks.
I enabled it, and that meant that anyone could write to the samba
share.  That isn't what I wanted.  I wanted only the one user to read
to be able to write files.

But it does show that I didn't understand Samba security before and I
was wrong to blame the server for this.  It should be prevented on
the client side.

I'm still trying to figure it out.  I'm using a 3.1-rc6 kernel on
the client.  But it's probably a configuration problem.

dan carpenter
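
The thread turns on whether the CIFS client performs its own permission checks (the noperm mount option). The following is an added example, not part of the original message: a shell audit that reads lines in /proc/mounts format and reports which cifs mounts have noperm set. The sample lines, server name and mount points are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag CIFS mounts whose option list contains "noperm".
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# Constructed sample lines (not taken from the original thread).
SAMPLE_MOUNTS='//fileserver/share /mnt/share cifs rw,relatime,username=dcarpenter,uid=0,gid=0,file_mode=0644,dir_mode=0755,noperm 0 0
//fileserver/docs /mnt/docs cifs rw,relatime,username=dcarpenter,uid=1000,gid=1000,file_mode=0644,dir_mode=0755 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

# Read mount lines on stdin; print "<mountpoint> <verdict>" per cifs mount.
audit_cifs_mounts() {
    while read -r dev mnt fstype opts rest; do
        # Only cifs mounts are relevant to this check.
        [ "$fstype" = "cifs" ] || continue
        # Wrap the option list in commas so "noperm" matches as a whole option.
        case ",$opts," in
            *,noperm,*) echo "$mnt noperm: client-side permission checks disabled" ;;
            *)          echo "$mnt perm: client-side permission checks enabled" ;;
        esac
    done
}

# Exit status 0 if any cifs mount on stdin uses noperm, 1 otherwise.
has_noperm_mount() {
    audit_cifs_mounts | grep -q ' noperm:'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_cifs_mounts
```

On a live client, feed it the real table with `audit_cifs_mounts < /proc/mounts`.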
