Bug 12437 - vfs_fruit does not respect "inherit permissions" leading to world readable files/dirs
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules
Version: 4.4.7
Hardware: x64 Mac OS X
Importance: P5 normal
Target Milestone: ---
Assigned To: Ralph Böhme
QA Contact: Samba QA Contact
Depends on:
Blocks:
Reported: 2016-11-18 16:23 UTC by cwseys
Modified: 2017-01-23 17:48 UTC (History)

See Also:


Attachments

Description cwseys 2016-11-18 16:23:21 UTC
Hello,

When vfs_fruit is enabled on a share with "inherit permissions = yes" and new files and directories are created by a Macintosh, "other" is able to read the file or directory, even when "other" has no read (write or execute) permission on the parent directory.

Windows and Linux create new files and directories with "other" having no read (write or execute) permissions, just like parent directory.

If vfs_fruit is off, the Macintosh creates files and directories with the same permissions as files/dirs created by Windows and Linux.

I believe vfs_fruit has a bug in the permissions it gives new files/directories which leads to the files/dirs being world readable.

Macintosh used was running "El Capitan" 10.11.6.

Example file listing:

vfs_fruit On:
drwxrwx---+ 1 smbadmin smbadmin 326 Nov 18 09:57 .
drwxr-xr-x  1 root     root      22 Nov 18 09:48 ..
-rwxrwx---+ 1 cwseys   cwseys     0 Nov 18 09:55 createdOnLinuxWithFruit
-rw-rwxr--+ 1 cwseys   cwseys   358 Nov 18 09:51 createdOnMacWithFruit.rtf
-rwxrwx---+ 1 cwseys   cwseys     0 Nov 18 09:57 createdOnWinWithFruit.txt
drwxrwx---+ 1 cwseys   cwseys     0 Nov 18 09:55 folderOnLinuxWithFruit
drwxrwxr-x+ 1 cwseys   cwseys     0 Nov 18 10:15 folderOnMacWithFruit
drwxrwx---+ 1 cwseys   cwseys     0 Nov 18 09:57 folderOnWinWithFruit


vfs_fruit off:
drwxrwx---+ 1 smbadmin smbadmin 454 Nov 18 10:19 .
drwxr-xr-x  1 root     root      22 Nov 18 09:48 ..
-rwxrwx---+ 1 cwseys   cwseys     0 Nov 18 10:18 createdOnLinuxNoFruit
-rwxrwx---+ 1 cwseys   cwseys   368 Nov 18 09:53 ._createdOnMacNoFruit.rtf
-rwxrwx---+ 1 cwseys   cwseys   358 Nov 18 09:51 createdOnMacNoFruit.rtf
-rwxrwx---+ 1 cwseys   cwseys     0 Nov 18 10:19 createdOnWinNoFruit.txt

# getfacl .
# file: .
# owner: smbadmin
# group: smbadmin
user::rwx
user:cwseys:rwx
group::rwx
group:cwseys:rwx
mask::rwx
other::---
default:user::rwx
default:user:cwseys:rwx
default:group::rwx
default:group:cwseys:rwx
default:mask::rwx
default:other::---



# Global parameters
[global]
  realm = PHYSICS.WISC.EDU
  server string = %h server
  workgroup = PHYSICS
  max log size = 100000
  syslog = 0
  panic action = /usr/share/samba/panic-action %d
  kerberos method = secrets and keytab
  map to guest = Bad User
  security = ADS
  server signing = required
  hostname lookups = Yes
  dns proxy = No
  idmap config * : backend = tdb

[fruit]
  path = /srv/fruit
  ea support = Yes
  inherit acls = Yes
  inherit permissions = Yes
  read only = No
  vfs objects = btrfs catia fruit streams_xattr

Thanks for all your work!
C.
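The symptom in the listings above (a child readable by "other" under a parent that denies "other" everything) can be audited from the server side. The following shell script is an added example, not code from the bug report or from Samba: it walks a share path and reports every file or directory whose "other" permission bits grant something its parent's do not. The path /srv/fruit in the usage comment is the share from the smb.conf above; the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit a share tree for entries whose "other" permission bits exceed
# those of their parent directory (the symptom reported above). Checks mode bits only;
# it does not inspect extended ACL entries (the '+' in the ls output), so pair it with
# getfacl when ACLs are in play. Function names are this example's own.

# Print the "other" permission triplet of a path (e.g. "r--" or "---"), via ls so it
# works on both GNU and BSD userlands (columns 8-10 of the mode string).
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# Succeed (return 0) when the entry's "other" triplet grants any bit its parent denies.
exceeds_parent() {
    child=$(other_perms "$1")
    parent=$(other_perms "$(dirname "$1")")
    i=1
    while [ "$i" -le 3 ]; do
        c=$(printf '%s' "$child" | cut -c"$i")
        p=$(printf '%s' "$parent" | cut -c"$i")
        if [ "$c" != '-' ] && [ "$p" = '-' ]; then
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# Walk $1 and print "<mode> <path>" for every file or directory that leaks to "other"
# relative to its parent. Output is empty when the tree is consistent.
find_leaky_entries() {
    find "$1" -mindepth 1 \( -type f -o -type d \) -print | while IFS= read -r entry; do
        if exceeds_parent "$entry"; then
            printf '%s %s\n' "$(ls -ld "$entry" | cut -c1-10)" "$entry"
        fi
    done
}

# Usage: sh audit_other_bits.sh /srv/fruit
# Runs only when a share path is given, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    find_leaky_entries "$1"
fi
```

Against the "vfs_fruit On" listing above, createdOnMacWithFruit.rtf (-rw-rwxr--) and folderOnMacWithFruit (drwxrwxr-x) would be reported, since their parent is drwxrwx---; the "vfs_fruit off" listing would produce no output. The check compares each entry only with its immediate parent, which is exactly what "inherit permissions" is supposed to guarantee.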
Comment 1 cwseys 2017-01-23 17:48:54 UTC
Hi Ralph,
[from samba mailing list]
> it's a global option. Have you put it in the global or a share section?

  Thanks for the hint!  After putting it in the global options the create mode mimics the parent directory, as one would expect from
"
inherit permissions = yes
inherit acls = yes
"

If possible it would be less dangerous (security-wise) not to have the fruit:nfs_aces setting interact with 'inherit permissions' and 'inherit acls'.

Or at least the default setting of nfs_aces should not interact, with a big warning/explanation of how changing to nfs_aces = yes will interact.

Thanks again!
Chad.