Bug 4197 - windows read-only flag is not being set in regards to group permission
Summary: windows read-only flag is not being set in regards to group permission
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.23c
Hardware: x86 Windows XP
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-10-30 13:08 UTC by John Medema
Modified: 2006-10-30 13:28 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Medema 2006-10-30 13:08:08 UTC 
Client:  Windows XP
Samba Server: SuSE Linux 10.0 (samba3.0.23c-12.1.37)
Installed programs:
libsmbclient 3.0.23c
samba 3.0.23c-12.1.37
samba-client 3.0.23c
yast2-samba-client 2.12.4
yast2-samba-server 2.12.8

Note: winbind is not installed.

<<START SMB.CONF>>
[global]
	workgroup = tames
	printing = cups
	printcap name = cups
	printcap cache time = 750
	cups options = raw
	printer admin = @ntadmin, root, administrator
	username map = /etc/samba/smbusers
	map to guest = Bad User
	include = /etc/samba/dhcp.conf
	logon path = \\%L\profiles\.msprofile
	logon home = \\%L\%U\.9xprofile
	logon drive = P:
	security = user
	encrypt passwords = yes
	#passdb backend = 
	ldap idmap suffix = ou=Idmap
	ldap machine suffix = ou=Computers
	netbios name = tames01
	ldap suffix = dc=example,dc=com

[homes]
	comment = Home Directories
	valid users = %S
	browseable = no
	read only = no
	inherit acls = yes
	create mask = 0660
	directory mask = 0770


[aods]
#	comment = aods program files
	path = /opt/aods
	read only = no
	browseable = yes
	create mask = 0660
	directory mask = 0770	

[web]
#	comment = Apache2 web files
	path = /srv/www
	read only = no
	browseable = yes
	create mask = 0664
	directory mask = 0775	
<<END SMB.CONF>>


PROBLEM:
user1 and user2 in group1.
client logged into server through samba as user1.
file owned by user2.

#chmod 440 /opt/aods/php/mainmenu.php
#ls -l /opt/aods/php/mainmenu.php
-r--r-----    1 user2 group1  870 Oct 30 11:46 mainmenu.php
<<from terminal, user1 cannot write to mainmenu.php>>
<<from samba, ro flag set, user1 cannot write to mainmenu.php>>

#chmod 460 /opt/aods/php/mainmenu.php
#ls -l /opt/aods/php/mainmenu.php
-r--rw----    1 user2 group1  870 Oct 30 11:46 mainmenu.php
<<from terminal, user1 can write to mainmenu.php>>
<<from samba, ro flag set, user1 cannot write to mainmenu.php>>

#chmod 640 /opt/aods/php/mainmenu.php
#ls -l /opt/aods/php/mainmenu.php
-rw-r-----    1 user2 group1  870 Oct 30 11:46 mainmenu.php
<<from terminal, user1 cannot write to mainmenu.php>>
<<from samba, ro flag not set, user1 cannot write to mainmenu.php>>

#chmod 660 /opt/aods/php/mainmenu.php
#ls -l /opt/aods/php/mainmenu.php
-rw-rw----    1 user2 group1  870 Oct 30 11:46 mainmenu.php
<<from terminal, user1 can write to mainmenu.php>>
<<from samba, ro flag not set, user1 can write to mainmenu.php>>


As you can see, the samba server is not checking the group permission bit when setting whether mainmenu.php is read-only.  I have not tested this with the "other" permission bit.
Comment 1 John Medema 2006-10-30 13:28:03 UTC 
Sorry, just found out about the "map read only = Permissions" option in smb.conf.  Apparently this behavior is by design, and not a bug.  Sorry about the confusion...