This is the mail archive of the cygwin-developers mailing list for the Cygwin project.



Incongruence between cygwin and samba ACL handling


Symptoms (qw is a file inside a samba share mounted with acl/smbntsec):

$ chmod 600 qw
$ stat qw
  File: `qw'
  Size: 225             Blocks: 1024       IO Block: 65536  regular file
Device: 32e0244h/53346884d      Inode: 8800419127317  Links: 1
Access: (0644/-rw-r--r--)  Uid: (12000/  abramo)   Gid: (12001/g_abramo)
Access: 2008-08-13 23:02:47.000000000 +0200
Modify: 2008-08-13 22:08:12.000000000 +0200
Change: 2008-08-13 22:08:12.000000000 +0200


As you see, the permission given is 644 instead of 600.

Verifying the sources of samba 3.0.28a and cygwin cvs, I've tracked down
the problem to the following two incongruent behaviours:

1) cygwin unconditionally adds FILE_READ_ATTRIBUTES and FILE_READ_EA to
each security descriptor (see alloc_sd in security.cc)

2) samba maps the presence of any of FILE_READ_DATA, FILE_READ_EA,
FILE_READ_ATTRIBUTES to Unix read permission (see map_nt_perms in
posix_acls.c)

I think that the bug is in cygwin as I'm unable to see the reason to add
the right to read attributes when it's asked to deny read permission,
but perhaps I'm missing something.

As this situation leads to giving unwanted permissions, I guess this
should be considered a major bug in cygwin (or samba).

I'm willing to produce a proper patch (or to submit a bug report to
samba developers), once I have heard your opinions.
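
The interaction reported in the message above, as an added example that is not part of the original post and is not code from cygwin or samba. It is a simplified model of the two behaviours as the post describes them; the function names and the `unconditional` switch are hypothetical, and the write and execute mappings are assumed for completeness.

```c
#include <stdio.h>

/* Windows file access-mask bits (values from the Windows SDK). */
#define FILE_READ_DATA       0x0001
#define FILE_WRITE_DATA      0x0002
#define FILE_READ_EA         0x0008
#define FILE_EXECUTE         0x0020
#define FILE_READ_ATTRIBUTES 0x0080

/* Client side (model of point 1): build the ACE mask for one rwx triple.
   unconditional=1: the two attribute bits are always set, as reported.
   unconditional=0: hypothetical variant, set only when r is granted. */
unsigned client_mask(unsigned rwx, int unconditional)
{
    unsigned mask = 0;
    if (unconditional || (rwx & 4))
        mask |= FILE_READ_ATTRIBUTES | FILE_READ_EA;
    if (rwx & 4) mask |= FILE_READ_DATA;
    if (rwx & 2) mask |= FILE_WRITE_DATA;  /* assumed write mapping */
    if (rwx & 1) mask |= FILE_EXECUTE;     /* assumed execute mapping */
    return mask;
}

/* Server side (model of point 2): any read-type bit yields Unix r. */
unsigned server_rwx(unsigned mask)
{
    unsigned rwx = 0;
    if (mask & (FILE_READ_DATA | FILE_READ_EA | FILE_READ_ATTRIBUTES))
        rwx |= 4;
    if (mask & FILE_WRITE_DATA) rwx |= 2;
    if (mask & FILE_EXECUTE)    rwx |= 1;
    return rwx;
}

/* Mode requested by chmod -> three ACE masks -> mode the server stores. */
unsigned round_trip(unsigned mode, int unconditional)
{
    unsigned out = 0;
    for (int shift = 6; shift >= 0; shift -= 3)
        out |= server_rwx(client_mask((mode >> shift) & 7, unconditional)) << shift;
    return out;
}

int main(void)
{
    static const unsigned modes[] = { 0600, 0640, 0711, 0000 };  /* constructed */
    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++)
        printf("chmod %04o -> stored %04o (unconditional) / %04o (variant)\n",
               modes[i], round_trip(modes[i], 1), round_trip(modes[i], 0));
    return 0;
}
```

In this model every class ends up with at least read permission, so a check that compares the requested mode with the one `stat` reports after `chmod` detects the widening.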

