Bug 5255 - dos filemode option allows users without write access to change permissions
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.24
Hardware: x64 Linux
Importance: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on: 5202
Reported: 2008-02-11 06:30 UTC by Ralf Gross
Modified: 2008-08-11 07:52 UTC
Description Ralf Gross 2008-02-11 06:30:14 UTC
I wanted to use the dos filemode option to allow group members with write access to a file/dir to add/change permissions (system: debian etch, samba 3.0.24).

[testshare]
        printable = no
        comment = Testshare
        browseable = no
        writable = yes
        map archive = no
        map hidden = no
        map system = no
        map readonly = no
        dos filemode = yes
        store dos attributes = yes
        ea support = yes
        inherit permissions = yes
        inherit acls = Yes
        map acl inherit = Yes
        path = /test/testshare

(I've added 'ea support' for testing, it makes no difference yet)


Now inside a directory of this share:

# ls -la
drwxr-s---+ 5 mh users   61 2008-02-08 16:08 .
drwxrwx---+ 6 jm jm      65 2008-02-11 11:20 ..
drwxr-s---+ 2 mh users    6 2008-02-08 16:08 test


# getfacl test/

# file: test
# owner: mh
# group: users
user::rwx
group::r-x
group:users:r-x
mask::r-x
other::---

Now as a user that has read access (r-x) to both directories (group users)
I'm able to add permissions for the user al from windows explorer to the test
directory.

# getfacl test/

# file: test
# owner: mh
# group: users
user::rwx
user:al:r-x    <----- added user
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:al:r-x   <---- added user
default:group::---
default:mask::rwx
default:other::---


Now how is this possible? I thought the 'dos filemode' option would only work
if a member of the group users has write access to a file.

If I set 'dos filemode = no' I'm not able to add or change permissions.

Note: there is a reference to the deprecated 'acl group control' option in the man page.

acl group control (S)
          In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the primary group owner of a file or directory to modify the permissions and ACLs on that file.


The reference to the primary group (which is not mentioned in the dos filemode part of the man page) might be the key to this problem.

Ralf
Comment 1 Ralf Gross 2008-02-29 03:51:41 UTC
Is there any chance that somebody will look at this bug report?

I tried something different. The goal is that group members with write access to a file or directory are able to change permissions and give new users access to a directory or file. This group should _not_ necessarily be the owning group.

Because the 'dos filemode' option is _not_ working as documented, I need a workaround.

So I thought about setting the owning unix group with the gid bit to a group that no user is a member of (test-admin), and adding another group with write access (erv), thinking that members of this group would then be able to change the permissions (dos filemode = yes). I tried different additional settings in my smb.conf, but none gives me the expected result. Still, only the owner or members of the owning group can change permissions.

But it's not desired in all cases that the owning group is able to change permissions, because from windows this owning group can't be changed (AFAIK). It's possible that a user wants to create a private directory in a share that only a subset of users have access to.

So if someone creates a new directory or file there is no way for him to forbid the owning group to set/change permissions on this new file (with dos filemode enabled). Thus members of this group can always set rwx permissions, even if the owner removed all permissions before.


from the docs:
dos filemode
Enabling this parameter allows a user who has write access to the file (by whatever means) to modify the permissions (including ACL) on it.

example:

# file: test
# owner: ralfgro
# group: test-admin
user::rwx
group::---
group:erv:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:erv:rwx
default:mask::rwx
default:other::---


[testshare]
        printable = no
        comment = Testshare
        browseable = no
        writable = yes

        dos filemode = yes
        store dos attributes = yes
        ea support = yes
        #inherit permissions = yes
        inherit acls = Yes
        #acl map full control = False
        map acl inherit = Yes
        map archive = no
        map hidden = no
        map system = no
        map readonly = no
        path = /server/projekte/test/testshare
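
Added example (not part of the original report, and not Samba's code): a Python model of the 'dos filemode' rule as quoted from the docs above, evaluated with the POSIX ACL access check against the two getfacl listings in this report. The function names are made up for this example, and group membership is supplied by the caller as an assumption.

```python
# Added example; ACLs copied from the report's getfacl output ('# file:' line omitted).
ACL_DESCRIPTION = """\
# owner: mh
# group: users
user::rwx
group::r-x
group:users:r-x
mask::r-x
other::---
"""
ACL_COMMENT_1 = """\
# owner: ralfgro
# group: test-admin
user::rwx
group::---
group:erv:rwx
mask::rwx
other::---
"""

def parse_getfacl(text):  # -> (header fields, {(tag, qualifier): perms}) for access entries
    meta, acl = {}, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line and not line.startswith("default:"):
            tag, qualifier, perms = line.split()[0].split(":")
            acl[tag, qualifier] = set(perms) - {"-"}
    return meta, acl

def has_access(acl_text, user, groups, want="w"):
    """POSIX ACL access check (see acl(5)) for a single permission bit."""
    meta, acl = parse_getfacl(acl_text)
    mask = acl.get(("mask", ""), set("rwx"))
    if user == meta["owner"]:               # owner entry is never masked
        return want in acl["user", ""]
    if ("user", user) in acl:               # named user entry, limited by mask
        return want in acl["user", user] & mask
    hits = [acl["group", g] for g in groups if ("group", g) in acl]
    if meta["group"] in groups:             # owning-group entry also applies
        hits.append(acl["group", ""])
    if hits:                                # any matching group entry may grant
        return any(want in p & mask for p in hits)
    return want in acl["other", ""]

def dos_filemode_should_allow(acl_text, user, groups):
    """Documented rule: the owner, or anyone with write access, may change permissions."""
    return user == parse_getfacl(acl_text)[0]["owner"] or has_access(acl_text, user, groups)
```

For a hypothetical non-owner member of `users`, `dos_filemode_should_allow(ACL_DESCRIPTION, "reader", ["users"])` returns False, which is the behaviour the reporter expected from the documentation. For a hypothetical member of `erv`, `dos_filemode_should_allow(ACL_COMMENT_1, "ervmember", ["erv"])` returns True.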
       

Comment 2 SATOH Fumiyasu 2008-07-03 02:33:16 UTC
I think this bug can be fixed by the patch in bug #5202 I posted
and by setting "acl group control = No" (default) in smb.conf.
Comment 3 Karolin Seeger 2008-08-11 07:52:52 UTC
Closing out bug report as the patch fixes the problem.
Please re-open if it is still an issue for you.

Thanks for reporting!