This is the mail archive of the cygwin-developers mailing list for the Cygwin project.
Incongruence between cygwin and samba ACL handling
- From: Abramo Bagnara <abramo dot bagnara at gmail dot com>
- To: cygwin-developers at cygwin dot com
- Date: Thu, 14 Aug 2008 12:54:41 +0200
- Subject: Incongruence between cygwin and samba ACL handling
Symptoms (qw is a file inside a samba share mounted with acl/smbntsec):
$ chmod 600 qw
$ stat qw
File: `qw'
Size: 225 Blocks: 1024 IO Block: 65536 regular file
Device: 32e0244h/53346884d Inode: 8800419127317 Links: 1
Access: (0644/-rw-r--r--) Uid: (12000/ abramo) Gid: (12001/g_abramo)
Access: 2008-08-13 23:02:47.000000000 +0200
Modify: 2008-08-13 22:08:12.000000000 +0200
Change: 2008-08-13 22:08:12.000000000 +0200
As you see the permission given is 644 instead of 600.
Verifying the sources of samba 3.0.28a and cygwin cvs, I've tracked down
the problem to the following two incongruent behaviours:
1) cygwin unconditionally adds FILE_READ_ATTRIBUTES and FILE_READ_EA to
each security descriptor (see alloc_sd in security.cc)
2) samba maps the presence of any of FILE_READ_DATA, FILE_READ_EA,
FILE_READ_ATTRIBUTES to Unix read permission (see map_nt_perms in
posix_acls.c)
I think that the bug is in cygwin as I'm unable to see the reason to add
the right to read attributes when it's asked to deny read permission,
but perhaps I'm missing something.
As this situation leads to unwanted permissions being given, I guess this
should be considered a major bug in cygwin (or samba).
I'm willing to produce a proper patch (or to submit a bug report to
samba developers), once I have heard your opinions.