Hi Everyone, Sorry for the dumb question but I'm obviously missing something. One of our users found an odd behavior with SAMBA which I can't explain, but believe it to be related to the SAMBA/Unix permission mapping. Here's what happens: A file existing on a SAMBA share with unix permissions 755 e.g. -rw-r--r-- 1 root other 0 Dec 17 08:51 test.txt can be opened in any Windows application and the security acts as expected. i.e. any user other than root can open the file but if they try and save it they are prohibited and must save it as a new file. However if a user browses using Explorer they have the ability to delete the file from within explorer. (The only exception is if no user has write permissions to the file.) Can anyone help explain this behavior? (BTW, I searched the archives and couldn't find anything that appeared to relate to this problem.) -- David Beards Technical Manager Networks and Systems CFA Ph: +61 3 9262 8204 FAX: +61 3 9262 8383 Mob: 0419 519 366 CAUTION - This message is intended for the use of the individual or entity named above and may contain information that is confidential or privileged. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited and that you must not take any action in reliance on it. If you have received this communication in error, please notify CFA immediately and destroy the original message.
Sorry, I just re read my email. the Unix permissions were not 755 but 644. (R/W owner, read only group and other) DB David Beards wrote:> Hi Everyone, > > Sorry for the dumb question but I'm obviously missing something. One of > our users found an odd behavior with SAMBA which I can't explain, but > believe it to be related to the SAMBA/Unix permission mapping. Here's > what happens: > > A file existing on a SAMBA share with unix permissions 755 > > e.g. -rw-r--r-- 1 root other 0 Dec 17 08:51 test.txt > > can be opened in any Windows application and the security acts as > expected. i.e. any user other than root can open the file but if they > try and save it they are prohibited and must save it as a new file. > However if a user browses using Explorer they have the ability to delete > the file from within explorer. (The only exception is if no user has > write permissions to the file.) > > Can anyone help explain this behavior? (BTW, I searched the archives and > couldn't find anything that appeared to relate to this problem.)-- David Beards Technical Manager Networks and Systems CFA Ph: +61 3 9262 8204 FAX: +61 3 9262 8383 Mob: 0419 519 366 CAUTION - This message is intended for the use of the individual or entity named above and may contain information that is confidential or privileged. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited and that you must not take any action in reliance on it. If you have received this communication in error, please notify CFA immediately and destroy the original message.
On Tue, Dec 17, 2002 at 09:03:19AM +1100, David Beards wrote:> A file existing on a SAMBA share with unix permissions 755 > > e.g. -rw-r--r-- 1 root other 0 Dec 17 08:51 test.txt > > can be opened in any Windows application and the security acts as > expected. i.e. any user other than root can open the file but if they > try and save it they are prohibited and must save it as a new file. > However if a user browses using Explorer they have the ability to delete > the file from within explorer. (The only exception is if no user has > write permissions to the file.)What are the UNIX ownerships/permissions on the directory containing test.txt? If the directory is writable to the users they will be able to delete any file in the directory, regardless of ownership. If you want the directory to remain writable to the users but have them only be able to delete files they own you'll need to "chmod +t directory". -- Michael Heironimus
A dumb question deserves a dumb answer! Or several dumb answers. It the file being deleted from the servers hard drive, or just from the explorer window? What user is logged into samba from the client? I would look at the following variables when the user logs in. You can catch these in a preexec script in a share: %G %g %U %u %H I just noticed in my smb.conf I have guest user = root. Makes things easy but not too secure! Are you changing user id's when they log in? The variables above will tell you. If you copy and paste files with explorer, what are the permissions on the new file? Joel On Tue, Dec 17, 2002 at 09:03:19AM +1100, David Beards wrote:> Hi Everyone, > > Sorry for the dumb question but I'm obviously missing something. One of > our users found an odd behavior with SAMBA which I can't explain, but > believe it to be related to the SAMBA/Unix permission mapping. Here's > what happens: > > A file existing on a SAMBA share with unix permissions 755 > > e.g. -rw-r--r-- 1 root other 0 Dec 17 08:51 test.txt > > can be opened in any Windows application and the security acts as > expected. i.e. any user other than root can open the file but if they > try and save it they are prohibited and must save it as a new file. > However if a user browses using Explorer they have the ability to delete > the file from within explorer. (The only exception is if no user has > write permissions to the file.) > > Can anyone help explain this behavior? (BTW, I searched the archives and > couldn't find anything that appeared to relate to this problem.) > -- > David Beards > Technical Manager Networks and Systems > CFA