smbd: add an option to inherit only the UNIX owner
This can be used to emulate folder quotas, as explained in the modified manpage. Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
parent
ebb3b34ec5
commit
1dfd8df23d
@ -1,6 +1,7 @@
|
||||
<samba:parameter name="inherit owner"
|
||||
context="S"
|
||||
type="boolean"
|
||||
type="enum"
|
||||
enumlist="enum_inherit_owner_vals"
|
||||
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
||||
<description>
|
||||
<para>The ownership of new files and directories
|
||||
@ -8,11 +9,47 @@
|
||||
This option allows the Samba administrator to specify that
|
||||
the ownership for new files and directories should be controlled
|
||||
by the ownership of the parent directory.</para>
|
||||
|
||||
|
||||
<para>Valid options are:</para>
|
||||
<itemizedlist>
|
||||
<listitem><para><constant>no</constant> -
|
||||
Both the Windows (SID) owner and the UNIX (uid) owner of the file are
|
||||
governed by the identity of the user that created the file.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para><constant>windows and unix</constant> -
|
||||
The Windows (SID) owner and the UNIX (uid) owner of new files and
|
||||
directories are set to the respective owner of the parent directory.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para><constant>yes</constant> - a synonym for
|
||||
<constant>windows and unix</constant>.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para><constant>unix only</constant> -
|
||||
Only the UNIX owner is set to the UNIX owner of the parent directory.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Common scenarios where this behavior is useful is in
|
||||
implementing drop-boxes, where users can create and edit files but
|
||||
not delete them and ensuring that newly created files in a user's
|
||||
roaming profile directory are actually owned by the user.</para>
|
||||
|
||||
<para>The <constant>unix only</constant> option effectively
|
||||
breaks the tie between the Windows owner of a file and the
|
||||
UNIX owner. As a logical consequence, in this mode,
|
||||
setting the the Windows owner of a file does not modify the UNIX
|
||||
owner. Using this mode should typically be combined with a
|
||||
backing store that can emulate the full NT ACL model without
|
||||
affecting the POSIX permissions, such as the acl_xattr
|
||||
VFS module, coupled with
|
||||
<smbconfoption name="acl_xattr:ignore system acls">yes</smbconfoption>.
|
||||
This can be used to emulate folder quotas, when files are
|
||||
exposed only via SMB (without UNIX extensions).
|
||||
The UNIX owner of a directory is locally set
|
||||
and inherited by all subdirectories and files, and they all
|
||||
consume the same quota.</para>
|
||||
</description>
|
||||
|
||||
<related>inherit permissions</related>
|
||||
|
@ -229,6 +229,13 @@ enum mapreadonly_options {MAP_READONLY_NO, MAP_READONLY_YES, MAP_READONLY_PERMIS
|
||||
/* case handling */
|
||||
enum case_handling {CASE_LOWER,CASE_UPPER};
|
||||
|
||||
/* inherit owner options */
|
||||
enum inheritowner_options {
|
||||
INHERIT_OWNER_NO,
|
||||
INHERIT_OWNER_WINDOWS_AND_UNIX,
|
||||
INHERIT_OWNER_UNIX_ONLY
|
||||
};
|
||||
|
||||
/*
|
||||
* Default passwd chat script.
|
||||
*/
|
||||
|
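Review bot: The new `enum inheritowner_options` has no comment recording that INHERIT_OWNER_NO must remain the first, zero-valued enumerator. `lp_inherit_owner()` was a boolean parameter before this commit, and any caller the commit does not convert (out-of-tree VFS modules, or code still written as `if (lp_inherit_owner(...))`) keeps its old meaning only while "no" is zero and both inheriting modes are non-zero. I would add `/* INHERIT_OWNER_NO must stay 0: lp_inherit_owner() was boolean and may still be tested as one. */` directly above the enum, and likewise note that new modes are appended rather than inserted. Whether such unconverted callers exist cannot be seen from this hunk.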
@ -308,6 +308,12 @@ static const struct enum_list enum_case[] = {
|
||||
{-1, NULL}
|
||||
};
|
||||
|
||||
static const struct enum_list enum_inherit_owner_vals[] = {
|
||||
{INHERIT_OWNER_NO, "no"},
|
||||
{INHERIT_OWNER_WINDOWS_AND_UNIX, "windows and unix"},
|
||||
{INHERIT_OWNER_WINDOWS_AND_UNIX, "yes"},
|
||||
{INHERIT_OWNER_UNIX_ONLY, "unix only"},
|
||||
{-1, NULL}};
|
||||
|
||||
/* Note: We do not initialise the defaults union - it is not allowed in ANSI C
|
||||
*
|
||||
|
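Review bot: `enum_inherit_owner_vals` accepts only the spellings `no`, `windows and unix`, `yes` and `unix only`, while the parameter was previously a boolean that also accepted `true`/`false`, `1`/`0` and `on`/`off`; an existing `inherit owner = true` will no longer match, and depending on how an unknown enum value is handled (not visible here) the share may silently fall back to the default, which in a drop-box setup means the ownership control the administrator relied on disappears without an obvious error. Consider adding the boolean synonyms, e.g. `{INHERIT_OWNER_NO, "false"},` and `{INHERIT_OWNER_WINDOWS_AND_UNIX, "true"},`, or at least documenting the change in accepted values. As a style point, the terminator `{-1, NULL}};` puts the sentinel and the closing brace on one line, unlike `enum_case[]` just above, which keeps `{-1, NULL}` and `};` on separate lines; matching that layout keeps the table readable and future entries diff cleanly.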
@ -930,7 +930,7 @@ static NTSTATUS open_file(files_struct *fsp,
|
||||
}
|
||||
|
||||
/* Change the owner if required. */
|
||||
if (lp_inherit_owner(SNUM(conn))) {
|
||||
if (lp_inherit_owner(SNUM(conn)) != INHERIT_OWNER_NO) {
|
||||
change_file_owner_to_parent(conn, parent_dir,
|
||||
fsp);
|
||||
need_re_stat = true;
|
||||
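Review bot: The comment `/* Change the owner if required. */` above the changed condition in open_file still reads as though inherit owner were a simple switch, but the condition now deliberately admits both `windows and unix` and `unix only`, and this call is the UNIX (uid) half of the inheritance while the SID owner is gated separately in inherit_new_acl. I would make that explicit: `/* Change the UNIX owner if required: both "windows and unix" and "unix only" inherit the uid. */`. The same comment and condition appear in the mkdir_internal hunk and would benefit from the same wording. The bodies of open_file and mkdir_internal start and end outside their hunks.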
@ -3375,7 +3375,7 @@ static NTSTATUS mkdir_internal(connection_struct *conn,
|
||||
}
|
||||
|
||||
/* Change the owner if required. */
|
||||
if (lp_inherit_owner(SNUM(conn))) {
|
||||
if (lp_inherit_owner(SNUM(conn)) != INHERIT_OWNER_NO) {
|
||||
change_dir_owner_to_parent(conn, parent_dir,
|
||||
smb_dname->base_name,
|
||||
&smb_dname->st);
|
||||
@ -4017,7 +4017,8 @@ static NTSTATUS inherit_new_acl(files_struct *fsp)
|
||||
const struct dom_sid *group_sid = NULL;
|
||||
uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
|
||||
struct security_token *token = fsp->conn->session_info->security_token;
|
||||
bool inherit_owner = lp_inherit_owner(SNUM(fsp->conn));
|
||||
bool inherit_owner =
|
||||
(lp_inherit_owner(SNUM(fsp->conn)) == INHERIT_OWNER_WINDOWS_AND_UNIX);
|
||||
bool inheritable_components = false;
|
||||
bool try_builtin_administrators = false;
|
||||
const struct dom_sid *BA_U_sid = NULL;
|
||||
|
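Review bot: The rewritten initialiser of `inherit_owner` in inherit_new_acl is now true only for INHERIT_OWNER_WINDOWS_AND_UNIX, and nothing at the declaration says that excluding `unix only` is intentional rather than an oversight when a reader compares it with the `!= INHERIT_OWNER_NO` tests in open_file and mkdir_internal. A short comment on the declaration would settle that: `/* Only "windows and unix" inherits the SID owner; "unix only" leaves the Windows owner as the creator and inherits just the uid elsewhere. */`. The function body continues outside the hunk.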
@ -3754,6 +3754,14 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
|
||||
security_info_sent &= ~SECINFO_GROUP;
|
||||
}
|
||||
|
||||
/* If UNIX owner is inherited and Windows isn't, then
|
||||
* setting the UNIX owner based on Windows owner conflicts
|
||||
* with the inheritance rule
|
||||
*/
|
||||
if (lp_inherit_owner(SNUM(conn)) == INHERIT_OWNER_UNIX_ONLY) {
|
||||
security_info_sent &= ~SECINFO_OWNER;
|
||||
}
|
||||
|
||||
status = unpack_nt_owners( conn, &user, &grp, security_info_sent, psd);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
|
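Review bot: Clearing SECINFO_OWNER in set_nt_acl when inherit owner is `unix only` silently discards the owner part of a client's security-descriptor request, so a user who changes ownership through the Windows security dialog gets a success status while the UNIX owner stays as inherited; that is the documented intent, but nothing records it for an operator diagnosing "my chown did not take". I would add a debug line inside the new branch, e.g. `DEBUG(10, ("set_nt_acl: ignoring owner change on %s, inherit owner = unix only\n", fsp_str_dbg(fsp)));`, so the dropped request is visible in the log. It is also worth confirming that a request carrying only SECINFO_OWNER, whose mask becomes zero here, is treated by the remainder of set_nt_acl as a no-op rather than an error; that code is outside the hunk, as are the function's start and end. Whether the SID owner in `psd` still reaches the backing store unchanged after this masking cannot be determined from the visible lines and deserves a sentence in the comment.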