Incongruence between cygwin and samba ACL handling
Abramo Bagnara
abramo.bagnara@gmail.com
Thu Aug 14 10:55:00 GMT 2008
Symptoms (qw is a file is inside a samba share mounted with acl/smbntsec):
$ chmod 600 qw
$ stat qw
File: `qw'
Size: 225 Blocks: 1024 IO Block: 65536 regular file
Device: 32e0244h/53346884d Inode: 8800419127317 Links: 1
Access: (0644/-rw-r--r--) Uid: (12000/ abramo) Gid: (12001/g_abramo)
Access: 2008-08-13 23:02:47.000000000 +0200
Modify: 2008-08-13 22:08:12.000000000 +0200
Change: 2008-08-13 22:08:12.000000000 +0200
As you see the permission given is 644 instead of 600.
Verifying the sources of samba 3.0.28a and cygwin cvs, I've tracked down
the problem to the following two incongruent behaviours:
1) cygwin add unconditionally FILE_READ_ATTRIBUTES and FILE_READ_EA to
each security descriptor (see alloc_sd in security.cc)
2) samba maps the presence of any beetwen FILE_READ_DATA, FILE_READ_EA,
FILE_READ_ATTRIBUTES to Unix read permission (see map_nt_perms in
posix_acls.c)
I think that the bug is in cygwin as I'm unable to see the reason to add
the right to read attributes when it's asked to deny read permission,
but perhaps I'm missing something.
As this situation leads to give unwanted permissions, I guess this
should considered a major bug in cygwin (or samba).
I'm willing to produce a proper patch (or to submit a bug report to
samba developers), once heard your opinions.
More information about the Cygwin-developers
mailing list