Hi all, I can make a simple change to smbd for the next stable release that will cause POSIX ACLs to be checked before returning the DOS mode of a file is "read-only". This will fix the case that people are complaining about where a POSIX ACL allows write access to a file but the standard owner "w" bit is missing (smbd currently returns DOS read-only for that case if the DOS attributes are not being stored in EA's). The question is, shall I make that change and if so should I have a fallback parameter to turn off the behaviour if people require it ? Comments please (btw: I have to be out in the UK all this week but will try and work on things intermittently). Jeremy.
----- Original Message ----- From: "Jeremy Allison" <jra@samba.org> To: <samba-technical@samba.org>; <samba@samba.org> Sent: Tuesday, May 10, 2005 11:25 PM Subject: Read-only and POSIX ACLs> Hi all, > > I can make a simple change to smbd for the next stable > release that will cause POSIX ACLs to be checked before returning > the DOS mode of a file is "read-only".IMHO, this is good idea.> The question is, shall I make that change and if so should I have > a fallback parameter to turn off the behaviour if people require > it ?We don't use read-only files, afaik, so I don't need this parameter. But, anyway, fallback parameter is always good thing :-)
Yes Jeremy, I think that would be a good thing. To the best of my knowledge, other than the particular situation we are discussing, a user connected to a writeable share via Samba always has the exact same ability to operate on files as if they where logged into the box via a UNIX shell. That is how I as an admin have come to expect it to operate and how I want it to operate. Now obviously parameters such as force group and so forth are going to change what a user can do but by default I'm saying the user should always have the same ablity via Samba as if using a shell. Incidentally, the situation you are talking about arises even if you take ACL's completely out of the picture and have write access via the file's standard group permissions if the owner doesn't have write. If you do change Samba to remedy the ACL situation I'd hope you remedy it in this case too. As far as an option to enable the current behaviour, sheesh I can't decide. How many admins would you guess are using the current behaviour as a feature? I'd guess very few if any. On the other hand, now that I know about this current oddity of Samba behaviour it almost seems like something I myself could potentially make use of as a feature. In summary my votes are: Make the change? yes Option to allow current behaviour? no opinion Tom Schaefer On Tue, 10 May 2005 12:25:49 -0700 Jeremy Allison <jra@samba.org> wrote:> Hi all, > > I can make a simple change to smbd for the next stable > release that will cause POSIX ACLs to be checked before returning > the DOS mode of a file is "read-only". This will fix the case > that people are complaining about where a POSIX ACL allows write > access to a file but the standard owner "w" bit is missing (smbd > currently returns DOS read-only for that case if the DOS attributes > are not being stored in EA's). > > The question is, shall I make that change and if so should I have > a fallback parameter to turn off the behaviour if people require > it ? > > Comments please (btw: I have to be out in the UK all this week > but will try and work on things intermittently). > > Jeremy. >