Mail Archives: cygwin/2000/12/13/05:32:18

From: Corinna Vinschen <cygwin AT cygwin DOT com>
Date: Wed, 13 Dec 2000 11:30:14 +0100
X-Mailer: KMail [version 1.1.99]
Cc: cygwin AT sources DOT redhat DOT com
To: cygwin <cygwin AT cygwin DOT com>
References: <OF4452111B DOT B0F21FC3-ON862569B2 DOT 00610F4F AT mmm DOT com> <3A368A98 DOT C1CE59BE AT ece DOT gatech DOT edu>
In-Reply-To: <3A368A98.C1CE59BE@ece.gatech.edu>
Subject: Re: CVS permissions problem with network drive
MIME-Version: 1.0
Message-Id: <0012131108080H.05746@cygbert>
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id FAA00183

On Tuesday 12 December 2000 21:29, Charles Wilson wrote:
> I'm not sure how NTSEC/noNTSEC permissions and SAMBA interact.  My
> short tests show that I can create and delete files and directories
> on a *SMB* share (hosted on WinNT, not a SAMBA share hosted on
> linux/unix/etc).

SAMBA supports access control lists but it doesn't support
creating files with your Windows identity of course. So
it uses the identity of the Linux user you used for logon.

> However, even in my tests, these files and directories are created
> read-only, and chmod fails. (Yet I can still delete the
> files/directories).
>
> $ cd //host/share
> $ umask
> 002
>
> # FILES
>
> $ touch foo
> $ ld -l foo
> -r--r--r--   1 1002     None            0 Dec 12 15:21 foo
> $ chmod +w foo
> chmod: foo: Permission denied
> $ chmod 666 foo
> chmod: foo: Permission denied
> $ rm foo
> $ ls -l foo
> ls: foo: No such file or directory
>
> # DIRECTORIES
>
> $ mkdir foo
> $ ls -ld foo
> dr-xr-xr-x   1 1002     None            0 Dec 12 15:19 foo
> $ chmod +w foo
> chmod: foo: Permission denied
> $ chmod 777 foo
> chmod: foo: Permission denied
> $ cd foo
> $ touch bar
> touch: bar: Permission denied
> $ cd //host/share
> $ rmdir foo
> $ ls -l foo
> ls: foo: No such file or directory
>
> Since even in these simple cases, permissions and 'writeability'
> fails on SMB shares, I am not surprised that CVS also fails on SMB
> shares.
>
> Corinna, oh-expert-of-all-that-is-nt-security, can you shed some
> light on this situation?

Chuck, I would really like to do this but it works for me.
If only I knew the difference between your and my system...

I tried the same scenario as you above. `cvaio' is a W2K box.

$ cd //cvaio/corinna
$ umask
2

# FILES

$ ls -l foo
-rw-rw-r--   1 corinna  root            0 Dec 13 09:52 foo
$ chmod 666 foo
$ ls -l foo
-rw-rw-rw-   1 corinna  root            0 Dec 13 09:52 foo

# DIRECTORIES

$ mkdir foo
$ ls -ld foo
drwxrwxr-x   1 corinna  root            0 Dec 13 09:53 foo
$ chmod 777 foo
$ ls -ld foo
drwxrwxrwx   1 corinna  root            0 Dec 13 09:53 foo
$ cd foo
$ pwd
//corinna/corinna/foo

So far the Windows SMB tests. Let's have a look at Samba now.

The same as above but on a Samba share. `cygbert' is a Linux box
running Samba 2.0.7

$ cd //cygbert/corinna

# FILES

$ touch foo
$ ls -l foo
-rw-r--r--   1 2000     1201            0 Dec 13 09:58 foo
/cygbert/corinna[59]$ chmod 666 foo
chmod: foo: Permission denied
/cygbert/corinna[60]$ ls -l foo
-rw-r--r--   1 2000     1201            0 Dec 13 09:58 foo

Ok, let's forget the directories here. Why does `chmod' fail
on the Samba share? You see the missing names in the `ls -l'
output? Ok, the reason is that the user and group ids are
not mentioned in your /etc/passwd. What's the meaning of
`2000' and `1201' here? Samba creates SIDs from UIDs and GIDs
by using its own system SID (created when smbd is started for
the first time) and computing the RID as follows:

	users-RID = 1000 + 2 * Linux-UID
	group-RID = 1001 + 2 * Linux-GID

In the above example 2000 means UID=500 (1000 + 2 * 500 = 2000)
and 1201 means GID 100 (1001 + 2 * 100 = 1201)

You can avoid the above `Permission denied' problem by adding
the Linux user and group to /etc/passwd and /etc/group:

Next obvious question: Where to get the SID of my Linux box???
Answer: locate `MACHINE.SID'.

In my example:

/etc/passwd:
cv_cyg::2000:1201:Corinna on Cygbert,S-1-5-21-2995888091-1469122872-890212507-2000:/e:/bin/tcsh

/etc/group:
user_cyg:S-1-5-21-2995888091-1469122872-890212507-1201:1201:

Which results in the following change when trying the above
example again:

$ touch foo
$ ls -l foo
-rw-r--r--   1 cv_cyg   user_cyg        0 Dec 13 11:09 foo
$ chmod 666 foo
$ ls -l foo
-rw-rw-rw-   1 cv_cyg   user_cyg        0 Dec 13 11:09 foo

BUT: Don't expect to be able to use all permission variations on
a Samba share. For some reason Samba changes the permission bits
silently to a "useful" (from its own point of view) combination.
Example:

$ chmod 702 foo
$ ls -l foo
-rwxrw-rw-   1 cv_cyg   user_cyg        0 Dec 13 11:09 foo

Weird, isn't it? In brief:
- No write and exec permissions without read permissions.
- User permissions >= group permissions >= world permissions.

Hope that helps,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
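
Added example, not part of the original message: a shell sketch that applies the RID mapping the message gives for Samba 2.0.7 to the numeric ids shown by `ls -l`, rejects ids that cannot come from that mapping, and prints /etc/passwd and /etc/group lines in the format the message shows. The function names are hypothetical; the SID, ids and names are the ones quoted in the message.

```shell
#!/bin/sh
# Mapping stated in the message (Samba 2.0.7):
#   user RID = 1000 + 2*UID, group RID = 1001 + 2*GID

# rid_to_unix KIND RID: print the Linux id behind a RID, or fail when the
# RID cannot come from this mapping (below the base or wrong parity).
rid_to_unix() {
    kind=$1; rid=$2
    case $rid in ''|*[!0-9]*|0?*) echo "not a number: $rid" >&2; return 1 ;; esac
    case $kind in
        user)  base=1000 ;;
        group) base=1001 ;;
        *) echo "kind must be user or group" >&2; return 1 ;;
    esac
    if [ "$rid" -lt "$base" ] || [ $(( (rid - base) % 2 )) -ne 0 ]; then
        echo "$rid is not a Samba-mapped $kind RID" >&2
        return 1
    fi
    echo $(( (rid - base) / 2 ))
}

# is_machine_sid SID: accept only S-1-5-21-a-b-c (three numeric sub-authorities).
is_machine_sid() {
    case $1 in S-1-5-21-*) ;; *) return 1 ;; esac
    rest=${1#S-1-5-21-}
    case $rest in *[!0-9-]*|-*|*-|*--*) return 1 ;; esac
    case $rest in *-*-*-*) return 1 ;; *-*-*) return 0 ;; *) return 1 ;; esac
}

# passwd_entry NAME MACHINE_SID USER_RID GROUP_RID GECOS HOME SHELL
passwd_entry() {
    is_machine_sid "$2" || { echo "bad machine SID: $2" >&2; return 1; }
    rid_to_unix user "$3" >/dev/null || return 1
    rid_to_unix group "$4" >/dev/null || return 1
    printf '%s::%s:%s:%s,%s-%s:%s:%s\n' "$1" "$3" "$4" "$5" "$2" "$3" "$6" "$7"
}

# group_entry NAME MACHINE_SID GROUP_RID
group_entry() {
    is_machine_sid "$2" || { echo "bad machine SID: $2" >&2; return 1; }
    rid_to_unix group "$3" >/dev/null || return 1
    printf '%s:%s-%s:%s:\n' "$1" "$2" "$3" "$3"
}

# Values from the message: machine SID of cygbert, ids 2000/1201 from `ls -l`.
SID=S-1-5-21-2995888091-1469122872-890212507
passwd_entry cv_cyg "$SID" 2000 1201 'Corinna on Cygbert' /e /bin/tcsh
group_entry user_cyg "$SID" 1201
```

The parity check catches a user and group id being swapped, since user RIDs are always even and group RIDs always odd under this mapping.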
