Bug 13348 - streams_depot blocks creation of streams due to permissions
Summary: streams_depot blocks creation of streams due to permissions
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules (show other bugs)
Version: 4.7.6
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Depends on:
Reported: 2018-03-21 21:54 UTC by Joe Frank
Modified: 2021-12-03 16:03 UTC (History)
4 users (show)

See Also:

patch to vfs_streams_depot.c (1.04 KB, patch)
2018-03-21 21:54 UTC, Joe Frank
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Joe Frank 2018-03-21 21:54:06 UTC
Created attachment 14064 [details]
patch to vfs_streams_depot.c

The streams_depot plugin stores alternate data streams in a directory tree based on a hash of the parent file's inode. If two different users create alternate data streams on files that hash to a common parent sub-directory, the second user receives a permission error because the sub-directory is owned by the first user and the mode is set to 0755.

A fix for this is to set the mode to 01777 (with the sticky bit), which still prevents inappropriate deletion of ADS files, but allows anyone to create new ADS files. I've attached a patch with this proposed fix.
Comment 1 Dinu-Razvan Chis-Serban 2021-08-30 06:01:21 UTC
Re-trigger bug

If the directory mode is 0755 (and the file mode is 0644) how it is supposed to work in a multi-group environment where different users from different groups should modify same/different streams (assuming that that groups have full access on the main file)?