As I received no answer to my question, I went through the code and saw
that the "delete readonly = No" (default) option will only refuse to
delete a file if the DOS attribute readonly is enabled, which means when
the owner, the group, and others don't have, all of them, the "w" right
on the file.

Is it really necessary to link the DOS readonly attribute to the unix
readonly (no "w") access to _all_ users, and not only to the _current_
windows user?

What do you think about the following changes in the can_delete function
(based on the 2.2.5 version)? When we have the "delete readonly = No"
option, it will simply check if the user has write access to the file
before allowing a delete.
-------------------------------------------------
diff -c reply.orig reply.c
*** reply.orig Wed Jun 19 03:13:48 2002
--- reply.c Fri Sep 13 13:55:32 2002
***************
*** 1984,1989 ****
--- 1984,1990 ----
int smb_action;
int access_mode;
files_struct *fsp;
+ uint32 desired_access = DELETE_ACCESS;
if (!CAN_WRITE(conn))
return NT_STATUS_MEDIA_WRITE_PROTECTED;
***************
*** 1997,2002 ****
--- 1998,2004 ----
if (!lp_delete_readonly(SNUM(conn))) {
if (fmode & aRONLY)
return NT_STATUS_CANNOT_DELETE;
+ desired_access |= FILE_WRITE_DATA;
}
if ((fmode & ~dirtype) & (aHIDDEN | aSYSTEM))
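Review bot: `desired_access |= FILE_WRITE_DATA;` sits after the `fmode & aRONLY` early return, so with `delete readonly = No` both tests now apply, and nothing on the line says why a delete asks for write-data access. A one-line comment stating that the extra bit is requested only to test the caller's own write permission on the file would make the intent clear. The change also alters what `delete readonly` means for users other than the owner, and the patch touches only reply.c, with no matching update to the option's documentation.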
***************
*** 2006,2012 ****
unix_ERR_class = 0;
unix_ERR_code = 0;
! fsp = open_file_shared1(conn, fname, &sbuf, DELETE_ACCESS,
SET_DENY_MODE
(DENY_ALL),
(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0,
&access_mode, &
smb_action);
if (!fsp) {
--- 2008,2014 ----
unix_ERR_class = 0;
unix_ERR_code = 0;
! fsp = open_file_shared1(conn, fname, &sbuf, desired_access,
SET_DENY_MOD
E(DENY_ALL),
(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0,
&access_mode, &
smb_action);
if (!fsp) {
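Review bot: in the new `open_file_shared1(...)` call the open doubles as the permission test, so `if (!fsp)` is now also reached when the caller simply lacks write access to the file. The lines after it are not shown here, so please confirm that this case is reported as an access-denied status and not as a sharing violation. The hunk has also been wrapped in transit (`SET_DENY_MOD` / `E(DENY_ALL)`, and `&access_mode, &` / `smb_action);`), so it will not apply as posted; resending it as an attachment would avoid that.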
-------------------------------------------------
Thanks for your help,
Pierre
On 10 Sep 2002 at 17:15, Pierre Dehaen wrote:
> Hi All,
>
> I was checking the access rights and a problem (hence a question)
> appeared: Who can delete a file through Samba ?
>
> Suppose we have the following situation:
> drwxrwxrwx john finance directory
> -rw-r--r-- jack finance directory/file
>
> Under unix everyone can delete the file.
>
> Under Samba, the documentation says (due to the Windows semantic) you
> also need the write access to the file to be able to delete it. The
> "delete readonly" option is set to "no" (default). John doesn't have
> the write access but:
> - in the properties window, John won't see the Read-only attribute set;
> - John can't update the file;
> - and he can delete the file !
>
> I don't consider the first point as normal but, okay, the "Using Samba"
> book that comes with Samba says in chapter 5 that:
> "By default, Samba 2.0 sets this whenever a file does not have the Unix
> owner write permission bit set. In other words, you can set this bit by
> changing the permissions of the file to 555."
>
> What I don't understand are the two other points: these are correct for
> the unix semantic, not for the DOS/Windows one ! But the same book says:
> "DOS filesystems are not designed for multiple users, and so its
> designers decided that read-only means "protected against accidental
> change, including deletion," rather than "protected against some other
> user on a single-user machine." So the designers of DOS prohibited
> removal of a read-only file. Even today, Windows file systems exhibit
> the same behavior."
>
>
> The result of all this is that the "delete readonly" option is only
> useful to the owner of a file, not to anyone else !!!???
>
> Do you have any idea how I could set the permissions so that a user has
> the rights to create a file in a directory but not to delete the files
> of other people ?
> I know about the stickybit, but it won't help on subdirectories created
> by users unless I enable the inherit option which leads me to other
> problems...
>
> Thanks in advance,
> Pierre
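The three delete rules discussed in this thread, compared on the john/jack listing from the quoted message. This is an added example, not Samba code and not part of either message: the helper names are hypothetical, John and Jack are assumed to be members of group finance, root is not modelled, and the read-only rule follows the reading of the code given in the message above.

```python
from collections import namedtuple

User = namedtuple("User", "uid groups")        # hypothetical model types
Node = namedtuple("Node", "owner group mode")  # a file or a directory
S_ISVTX = 0o1000                               # sticky bit on a directory

def class_bits(user, node):
    """Return the rwx triplet Unix applies to this user (owner, group or other)."""
    if user.uid == node.owner:
        return (node.mode >> 6) & 7
    if node.group in user.groups:
        return (node.mode >> 3) & 7
    return node.mode & 7

def has_write(user, node):
    return bool(class_bits(user, node) & 2)

def unix_can_delete(user, directory, file):
    # Unix: unlink needs write+search on the directory, not on the file.
    if (class_bits(user, directory) & 3) != 3:
        return False
    if directory.mode & S_ISVTX:  # sticky: only file owner or directory owner
        return user.uid in (file.owner, directory.owner)
    return True

def dos_readonly(file):
    # Assumption from the message: read-only only when nobody has a "w" bit.
    return (file.mode & 0o222) == 0

def current_can_delete(user, directory, file):
    # "delete readonly = No" as described: refuse only if the DOS bit is set.
    return unix_can_delete(user, directory, file) and not dos_readonly(file)

def proposed_can_delete(user, directory, file):
    # Proposed change: the deleting user must also have write access to the file.
    return current_can_delete(user, directory, file) and has_write(user, file)

# Constructed from the listing in the quoted message.
JOHN = User("john", {"finance"})
JACK = User("jack", {"finance"})
DIRECTORY = Node("john", "finance", 0o777)  # drwxrwxrwx john finance
FILE = Node("jack", "finance", 0o644)       # -rw-r--r-- jack finance

def report():
    """Map each user to (unix, current, proposed) delete decisions."""
    return {u.uid: tuple(rule(u, DIRECTORY, FILE) for rule in
                         (unix_can_delete, current_can_delete, proposed_can_delete))
            for u in (JOHN, JACK)}
```

With these inputs John is allowed by the first two rules and refused by the third, while Jack is allowed by all three.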