[KLUG Members] Samba file permissions

Mike Morrett members@kalamazoolinux.org
Sat, 24 Jan 2004 09:35:26 -0500


Quoting Adam Williams <awilliam@whitemice.org>:

> > Running on a mostly stock Redhat 8 server with smbd
> > 2.2.7-security-rollup-fix I seem to be having a problem.
> > I have set up an account for all my students, and they all have smb
> > connections [full domain logins]. For accounting purposes I dropped a file
> > called students.txt [root:root rw-r--r--] into each student home.
> > Everything was good, except that they can delete the file. I just changed
> > the permissions to rw-------, and it is still owned by root:root, but they
> > can still delete the file. Is this a bug I should submit to the smbd
> > lists, am I doing something wrong, or is this expected behavior?
>
> Deleting a file is an operation on the directory not the contents of the
> file.  Since they have "w" permission on the directory they can create,
> rename, and delete files in that directory.
>
> > Also, does anyone know how to export the Linux users' GROUP into the
> > windows 98/XP login environment?
>
> Not certain what you mean.  NT/2000/XP support the concept of user
> groups, and Samba 3.x.x will provide group mapping.  Win9x barely knows
> what a user is.

FWIW... The following is from the SuSE 9.0 User Guide (pg366)

"The Sticky Bit

Apart from the setuid and setgid bits, there is the sticky bit. It
makes a difference whether it belongs to an executable program or a
directory. If it belongs to a program, a file marked in this way
will be loaded to the RAM to avoid needing to get it from the hard
disk each time it is used. Nowadays, this attribute is used rarely,
as modern hard disks are fast enough.

If this attribute is assigned to a directory, it prevents users from
deleting each other's files. Typical examples include the /tmp and
/var/tmp directories:

drwxrwxrwt   2 root  root   1160 2002-11-19 17:15 /tmp"

Also see "man chmod" about "Sticky Directories".

Mike
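
The rule discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of the delete permission check, showing that the file's own mode never enters the decision and that a sticky directory still lets the directory's owner delete files in it. The uids, the `Inode` tuple and `may_unlink` are constructed for illustration; ACLs, capabilities and chattr flags are ignored.

```python
import stat
from collections import namedtuple

# Stand-in for os.stat_result (same field names), so os.stat(path) also works.
Inode = namedtuple("Inode", "st_mode st_uid st_gid")

def _dir_allows(uid, gids, d, want):
    """Owner/group/other check on directory d for the rwx bits in `want`."""
    if uid == d.st_uid:
        bits = (d.st_mode >> 6) & 7
    elif d.st_gid in gids:
        bits = (d.st_mode >> 3) & 7
    else:
        bits = d.st_mode & 7
    return bits & want == want

def may_unlink(uid, gids, directory, target):
    """Simplified model of the delete check (no ACLs, capabilities, chattr flags)."""
    if uid == 0:
        return True
    # Removing a name needs write + search (w+x) on the containing directory.
    if not _dir_allows(uid, gids, directory, 0o3):
        return False
    # Sticky directory: only the file's owner or the directory's owner may delete.
    if directory.st_mode & stat.S_ISVTX:
        return uid in (target.st_uid, directory.st_uid)
    return True  # target.st_mode is never consulted

# Constructed sample data: student uid/gid 1001, a second student 1002.
STUDENT, OTHER = 1001, 1002
students_txt = Inode(stat.S_IFREG | 0o600, 0, 0)           # root:root rw-------
home = Inode(stat.S_IFDIR | 0o755, STUDENT, STUDENT)       # student-owned home
sticky_home = home._replace(st_mode=stat.S_IFDIR | 0o1755)
root_dir = Inode(stat.S_IFDIR | 0o755, 0, 0)               # not writable by student
tmp_like = Inode(stat.S_IFDIR | 0o1777, 0, 0)              # drwxrwxrwt root root

if __name__ == "__main__":
    for name, d in [("home", home), ("sticky_home", sticky_home),
                    ("root_dir", root_dir), ("tmp_like", tmp_like)]:
        print(f"{name:12} student can delete students.txt:",
              may_unlink(STUDENT, {STUDENT}, d, students_txt))
```

In this model the root-owned file survives only in `root_dir` and `tmp_like`, the two directories the student does not own.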