Bug 13348 - streams_depot blocks creation of streams due to permissions
Summary: streams_depot blocks creation of streams due to permissions
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules (show other bugs)
Version: 4.7.6
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-21 21:54 UTC by Joe Frank
Modified: 2018-03-22 09:11 UTC (History)
2 users (show)

See Also:


Attachments
patch to vfs_streams_depot.c (1.04 KB, patch)
2018-03-21 21:54 UTC, Joe Frank
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Joe Frank 2018-03-21 21:54:06 UTC
Created attachment 14064 [details]
patch to vfs_streams_depot.c

The streams_depot plugin stores alternate data streams in a directory tree based on a hash of the parent file's inode. If two different users create alternate data streams on files that hash to a common parent sub-directory, the second user receives a permission error because the sub-directory is owned by the first user and the mode is set to 0755.

A fix for this is to set the mode to 01777 (with the sticky bit), which still prevents inappropriate deletion of ADS files, but allows anyone to create new ADS files. I've attached a patch with this proposed fix.