13348 – streams_depot blocks creation of streams due to permissions

Bug 13348 - streams_depot blocks creation of streams due to permissions

Summary: streams_depot blocks creation of streams due to permissions

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	VFS Modules (show other bugs)
Version:	4.7.6
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-03-21 21:54 UTC by Joe Frank
Modified:	2021-12-03 16:03 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
patch to vfs_streams_depot.c (1.04 KB, patch) 2018-03-21 21:54 UTC, Joe Frank	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Joe Frank 2018-03-21 21:54:06 UTC

Created attachment 14064 [details]
patch to vfs_streams_depot.c

The streams_depot plugin stores alternate data streams in a directory tree based on a hash of the parent file's inode. If two different users create alternate data streams on files that hash to a common parent sub-directory, the second user receives a permission error because the sub-directory is owned by the first user and the mode is set to 0755.

A fix for this is to set the mode to 01777 (with the sticky bit), which still prevents inappropriate deletion of ADS files, but allows anyone to create new ADS files. I've attached a patch with this proposed fix.

Comment 1 Dinu-Razvan Chis-Serban 2021-08-30 06:01:21 UTC

Re-trigger bug

If the directory mode is 0755 (and the file mode is 0644) how it is supposed to work in a multi-group environment where different users from different groups should modify same/different streams (assuming that that groups have full access on the main file)?