[Samba] Anyone can create empty files (v 3.5.11)
TAKAHASHI Motonobu
monyo at monyo.com
Sun Sep 25 17:18:01 MDT 2011
From: Dan Carpenter <dan.carpenter at oracle.com>
Date: Sun, 25 Sep 2011 20:29:24 +0300
> On Sat, Sep 24, 2011 at 05:04:50PM +0900, TAKAHASHI Motonobu wrote:
> > From: Dan Carpenter <dan.carpenter at oracle.com>
> > Date: Fri, 23 Sep 2011 09:38:56 +0300
> >
> > > I've mounted my cifs partition with a username and password and to
> > > test whether I had my permissions right, I did:
> > >
> > > $ sudo su testuser
> > > $ touch asdf
> > > touch: cannot touch `asdf': Permission denied
> > > $
> > >
> > > It says permission denied, but the `asdf' file is still created. I
> > > can't write any data to it, but I can create empty files.
> >
> > How does "ls -l asdf"?
> >
>
> -rw-r--r-- 1 dcarpenter dcarpenter 0 Sep 19 09:45 asdf
>
> > By default, the permission and owner for a created file is forcibily
> > set on "root 644 because CIFS server (Windows server) essentially does
> > not have semantics of permission. That sometimes causes an odd
> > behavior that you have met.
> >
> > Try noperm option as mentioned:
> > https://lists.samba.org/archive/samba/2011-September/163986.html
> >
>
> The noperm option means that the client doesn't do permission checks.
> I enabled it, and that meant that anyone could write to the samba
> share. That isn't what I wanted. I wanted only the one user to read
> to be able to write files.
Try setuids option instead of noperm. If setuids is enabled, you can
set permissions as usual but remember that those settings are held in
*memory*, so once if you umount and mount again, those settings are
lost.
---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
More information about the samba
mailing list