Bill Moran
2002-Apr-11 18:48 UTC
[Samba] BUG and FIX: "hide unreadable" and "admin user" don't taste great together.
We've noticed some really strange behaviour when a user enters a directory with both "hide unreadable" and "admin users" turned on. (i.e. the person is on the list of "admin users" and the share has "hide unreadable" turned on) The results were pretty weird, files/directories that the user should have seen (even with "admin users" off) were not there. Removing the user from the list of "admin users" promptly solved the problem. On a whim, I guessed that the hide unreadable code was getting confused on what files to hide when the user was a member of "admin users", so I edited dir.c and added the following code snippet to the beginning of user_can_read_file() The theory is that the admin user should never have files hidden from him/her. /* If user is a member of the Admin group * we never hide files from him */ if (conn->admin_user) return 1; I've only done limited testing so far, but it sure seems like this solved the problem. Personally, I'm confident enough that I'll be putting it in on a production server tomorrow. Hope this turns out to be helpful. -- Bill Moran Potential Technology http://www.potentialtech.com
Jeremy Allison
2002-Apr-12 18:14 UTC
[Samba] BUG and FIX: "hide unreadable" and "admin user" don't taste great together.
On Thu, Apr 11, 2002 at 09:52:04PM -0400, Bill Moran wrote:> We've noticed some really strange behaviour when a user > enters a directory with both "hide unreadable" and > "admin users" turned on. (i.e. the person is on the > list of "admin users" and the share has "hide unreadable" > turned on) > The results were pretty weird, files/directories that the > user should have seen (even with "admin users" off) were > not there. > Removing the user from the list of "admin users" promptly > solved the problem. > On a whim, I guessed that the hide unreadable code was > getting confused on what files to hide when the user was > a member of "admin users", so I edited dir.c and added > the following code snippet to the beginning of > user_can_read_file() > The theory is that the admin user should never have > files hidden from him/her. > > /* If user is a member of the Admin group > * we never hide files from him */ > if (conn->admin_user) return 1; > > I've only done limited testing so far, but it sure seems > like this solved the problem. Personally, I'm confident > enough that I'll be putting it in on a production server > tomorrow. Hope this turns out to be helpful.Looks good - I'll add it to 2.2.4 and HEAD. Jeremy.