| delorie.com/archives/browse.cgi | search |
| DMARC-Filter: | OpenDMARC Filter v1.4.2 delorie.com 4ABDaHeQ3815788 |
| Authentication-Results: | delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com |
| Authentication-Results: | delorie.com; spf=pass smtp.mailfrom=cygwin.com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 delorie.com 4ABDaHeQ3815788 |
| Authentication-Results: | delorie.com; |
| dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=R/OnTSF9 | |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 4285C3858C98 |
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; |
| s=default; t=1731332176; | |
| bh=U+mMzlimTjyh0WrWRJ8AID2VZ7jQXYcg8HKbgdCwZcM=; | |
| h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe: | |
| List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: | |
| From; | |
| b=R/OnTSF9Ic+j8hD1gHjEtAXaRpIU7GK7BFmkdUxpC8N666ieDEpx8By+ugmo8i1ft | |
| 2kgs0bweJEVRPX8PbN+2iW44eVeQYl+krfV98ivbR161hDisabALYdpMdRsMvUIDju | |
| 6rz3KxSDIRxXpe0t3SV+cHEiUABbPJHQhD0UhArg= | |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 5F2B43858D21 |
| Date: | Mon, 11 Nov 2024 14:35:55 +0100 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: SMBFS mount's file cannot be made executable |
| Message-ID: | <ZzIIO2NxmdYpox2A@calimero.vinschen.de> |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <BL0PR0901MB430827F1A0668E468B498FBBA5D70 AT BL0PR0901MB4308 DOT namprd09 DOT prod DOT outlook DOT com> |
| <20241108205109 DOT 55f99e2d172b9fc87e92ae67 AT nifty DOT ne DOT jp> | |
| <Zy4ODHHpmZPggGSz AT calimero DOT vinschen DOT de> | |
| <20241111193152 DOT c3a81044a03ecf2093185166 AT nifty DOT ne DOT jp> | |
| <ZzHizX_6FXABDPvZ AT calimero DOT vinschen DOT de> | |
| <20241111201928 DOT 811a2f8f09142b7aa8fe9bdc AT nifty DOT ne DOT jp> | |
| <20241111203202 DOT b22bcf4f9030aff58299fe0e AT nifty DOT ne DOT jp> | |
| <20241111204051 DOT 493f12208bb59d62b699dd28 AT nifty DOT ne DOT jp> | |
| <ZzHyhoWnNvkTQYW- AT calimero DOT vinschen DOT de> | |
| <20241111211953 DOT 605b186566ce3a44ca929788 AT nifty DOT ne DOT jp> | |
| MIME-Version: | 1.0 |
| In-Reply-To: | <20241111211953.605b186566ce3a44ca929788@nifty.ne.jp> |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.30 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Unsubscribe: | <https://cygwin.com/mailman/options/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe> | |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| From: | Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com> |
| Reply-To: | cygwin AT cygwin DOT com |
| Cc: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| Errors-To: | cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com |
| Sender: | "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com> |
On Nov 11 21:19, Takashi Yano via Cygwin wrote: > On Mon, 11 Nov 2024 13:03:18 +0100 > Corinna Vinschen wrote: > > On Nov 11 20:40, Takashi Yano via Cygwin wrote: > > > On Mon, 11 Nov 2024 20:32:02 +0900 > > > Takashi Yano via Cygwin <cygwin AT cygwin DOT com> wrote: > > > > Even with this patch, the file: > > > > > > > > yano $ touch samba_test_file.txt > > > > yano $ ls -l samba_test_files.txt > > > > -rw-r--r-- 1 yano yano 0 Nov 11 20:25 samba_test_file.txt > > > > > > Oops! This was wrong. > > > -rw-r--r-- 1 Unknown+User Unix_Group+1000 0 Nov 11 20:25 samba_test_file.txt > > > > That's Samba for you. I applied your patch and created a file > > on my share, and the Authenticated Users group was not in the > > resulting ACL. Only user, group, and Everyone. > > > > Either way, I don't think this is the right thing to do. Even if > > the group isn't added to the ACL on my machine, it still loks like > > a security problem in waiting. > > Isn't this DACL here used only for access_check() (NtAccessCheck())? > In my environment, the Authenticated Users does not appear in the ACL > too. Oh, yeah, right, *blush*. But it's still not the right thing to do. You convert the Samba ACL to a Windows ACL which gives Authenticated Users full permissions. So the check_access() function will return false positives, because every authenticated user is in the Authenticated Users group and has supposedly FILE_ALL_ACCESS. Even if the actual function (read, write, execute) will fail, the access() function will claim that every authenticated user has RWX perms. AFAICS, the underlying problem is somehow the user mapping. Did you try with username map = /foo/bar? Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |