mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
changed the default permissions code to do this:
if ((sbuf->st_mode & S_IWUSR) == 0) result |= aRONLY; rather than the very complex user/group permissions checks we do currently. This is equivalent ot setting "alternate permissions = yes" in the old code. The change is motivated by three main reasons: 1) it's basically impossible to second guess whether a file is writeable without trying to open it for writing. ACLs, root squash etc just make it too hard. 2) setting it not RONLY if the owner can write is closer to what NT does (eg. look at a cdrom - files are not marked read only). 3) it prevents the silly problem of copying files from a read only share to a writeable share and then finding you can't write to them as windows preserves the RONLY flag. Lots of people get bitten by this when they drag a folder from a Samba drive. It also hurts some install programs. I have also added a new flag type for loadparm.c called FLAG_DEPRECATED which I've set for "alternate permissions". I'll soon add code to testparm to give a warning about deprecated options.
This commit is contained in:
parent
260e7e2740
commit
c4363a12fd
@ -865,6 +865,7 @@ struct bitmap {
|
||||
#define FLAG_HIDE 2 /* options that should be hidden in SWAT */
|
||||
#define FLAG_PRINT 4 /* printing options */
|
||||
#define FLAG_GLOBAL 8 /* local options that should be globally settable in SWAT */
|
||||
#define FLAG_DEPRECATED 16 /* options that should no longer be used */
|
||||
|
||||
#ifndef LOCKING_VERSION
|
||||
#define LOCKING_VERSION 4
|
||||
|
@ -496,7 +496,7 @@ static struct parm_struct parm_table[] =
|
||||
{"password level", P_INTEGER, P_GLOBAL, &Globals.pwordlevel, NULL, NULL, 0},
|
||||
{"username level", P_INTEGER, P_GLOBAL, &Globals.unamelevel, NULL, NULL, 0},
|
||||
{"unix password sync", P_BOOL, P_GLOBAL, &Globals.bUnixPasswdSync, NULL, NULL, 0},
|
||||
{"alternate permissions",P_BOOL,P_LOCAL, &sDefault.bAlternatePerm, NULL, NULL, FLAG_GLOBAL},
|
||||
{"alternate permissions",P_BOOL,P_LOCAL, &sDefault.bAlternatePerm, NULL, NULL, FLAG_GLOBAL|FLAG_DEPRECATED},
|
||||
{"revalidate", P_BOOL, P_LOCAL, &sDefault.bRevalidate, NULL, NULL, FLAG_GLOBAL},
|
||||
{"username", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, FLAG_GLOBAL},
|
||||
{"user", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
|
||||
@ -1205,7 +1205,6 @@ FN_LOCAL_STRING(lp_hide_files,szHideFiles)
|
||||
FN_LOCAL_STRING(lp_veto_oplocks,szVetoOplockFiles)
|
||||
FN_LOCAL_STRING(lp_driverlocation,szPrinterDriverLocation)
|
||||
|
||||
FN_LOCAL_BOOL(lp_alternate_permissions,bAlternatePerm)
|
||||
FN_LOCAL_BOOL(lp_revalidate,bRevalidate)
|
||||
FN_LOCAL_BOOL(lp_casesensitive,bCaseSensitive)
|
||||
FN_LOCAL_BOOL(lp_preservecase,bCasePreserve)
|
||||
|
@ -78,22 +78,11 @@ mode_t unix_mode(connection_struct *conn,int dosmode)
|
||||
int dos_mode(connection_struct *conn,char *path,struct stat *sbuf)
|
||||
{
|
||||
int result = 0;
|
||||
extern struct current_user current_user;
|
||||
|
||||
DEBUG(8,("dos_mode: %s\n", path));
|
||||
|
||||
if (CAN_WRITE(conn) && !lp_alternate_permissions(SNUM(conn))) {
|
||||
if (!((sbuf->st_mode & S_IWOTH) ||
|
||||
conn->admin_user ||
|
||||
((sbuf->st_mode & S_IWUSR) && current_user.uid==sbuf->st_uid) ||
|
||||
((sbuf->st_mode & S_IWGRP) &&
|
||||
in_group(sbuf->st_gid,current_user.gid,
|
||||
current_user.ngroups,current_user.groups))))
|
||||
if ((sbuf->st_mode & S_IWUSR) == 0)
|
||||
result |= aRONLY;
|
||||
} else {
|
||||
if ((sbuf->st_mode & S_IWUSR) == 0)
|
||||
result |= aRONLY;
|
||||
}
|
||||
|
||||
if (MAP_ARCHIVE(conn) && ((sbuf->st_mode & S_IXUSR) != 0))
|
||||
result |= aARCH;
|
||||
|
Loading…
Reference in New Issue
Block a user