Strickland Christopher B DLVA
2002-Aug-14 10:14 UTC
[Samba] Samba isn't functional here?? Or my settings??
Hello all. I've encountered a strange situation while testing samba-2.2.5. We placed a .exe file within a samba share and gave only read permissions to everyone. It mapped correctly on the unix side and it appears in the NT security box with only read permissions for everyone, but it still executes when opened. I've included my smb.conf file and the host is a Sun Microsystems Enterprise 10K running Solaris 7. I'm stumped on this one guys. Please reply with any ideas or suggestions. Thank you, Bryon
Ahh, you must be a unix guy.... It's really very simple. Windows NT does not have Execute permission. If it ends in .exe .com .bat .dll (There might be a few I'm missing). And the user has permission to read the file, the OS will execute it. The file server has no way to know what the client OS intends to do with the file when it receives a read request. On Wed, 14 Aug 2002, Strickland Christopher B DLVA wrote: Hello all. I've encountered a strange situation while testing samba-2.2.5. We placed a .exe file within a samba share and gave only read permissions to everyone. It mapped correctly on the unix side and it appears in the NT security box with only read permissions for everyone, but it still executes when opened. I've included my smb.conf file and the host is a Sun Microsystems Enterprise 10K running Solaris 7. I'm stumped on this one guys. Please reply with any ideas or suggestions. Thank you, Bryon
Andrew Bartlett
2002-Aug-17 01:51 UTC
[Samba] Samba isn't functional here?? Or my settings??
Strickland Christopher B DLVA wrote:> > Hello all. I've encountered a strange situation while testing samba-2.2.5. > We placed a .exe file within a samba share and gave only read permissions to > everyone. It mapped correctly on the unix side and it appears in the NT > security box with only read permissions for everyone, but it still executes > when opened. I've included my smb.conf file and the host is a Sun > Microsystems Enterprise 10K running Solaris 7. I'm stumped on this one > guys. Please reply with any ideas or suggestions.We don't do any mapping of windows 'execute' permissions - I'm not sure they are even well defined in SMB anyway. I've seen some vague flags somewhere, but implementing this in Samba would be non-trivial. The problem is that Samba leave file permissions up to the OS, and it's kernel. We return 'access denied' when the kernel won't allow us to open/read/write rather than checking permissions manually. Because *we* are opening the file for read, (even if the client is attempting to execute it) we can't get the kernel to enforce such a permission. There are ideas around to rewrite the VFS layer for NT semantics, and this would allow you to write a (still race prone) module to accomplish what you desire. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net