| delorie.com/archives/browse.cgi | search |
| DMARC-Filter: | OpenDMARC Filter v1.4.2 delorie.com 4ACBWlPN4130910 |
| Authentication-Results: | delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com |
| Authentication-Results: | delorie.com; spf=pass smtp.mailfrom=cygwin.com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 delorie.com 4ACBWlPN4130910 |
| Authentication-Results: | delorie.com; |
| dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=myLNel6n | |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 272263858427 |
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; |
| s=default; t=1731411167; | |
| bh=KZax0PiVOAE0C24zfIO2rJd3lRanht7osrCom33+3i0=; | |
| h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe: | |
| List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: | |
| From; | |
| b=myLNel6nygc7rckNwc3NRFlhnSSiZuQzlhqyNP+F2MT6olUHZso0jJQkHEVqgCpON | |
| LgopB9gifbGOiBY2LBw/vsiy0MaD6eOToUWZEdV9wtthIV77ESy3Ff5sE/HM07pOzt | |
| Thb367yA4TTvE53dvD5pVjGxDhVxlJqx3eM6LLhI= | |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 2253C3858D20 |
| Date: | Tue, 12 Nov 2024 12:31:39 +0100 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: SMBFS mount's file cannot be made executable |
| Message-ID: | <ZzM8myfrcnbo88cO@calimero.vinschen.de> |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <Zy4ODHHpmZPggGSz AT calimero DOT vinschen DOT de> |
| <20241111193152 DOT c3a81044a03ecf2093185166 AT nifty DOT ne DOT jp> | |
| <ZzHizX_6FXABDPvZ AT calimero DOT vinschen DOT de> | |
| <20241111201928 DOT 811a2f8f09142b7aa8fe9bdc AT nifty DOT ne DOT jp> | |
| <20241111203202 DOT b22bcf4f9030aff58299fe0e AT nifty DOT ne DOT jp> | |
| <20241111204051 DOT 493f12208bb59d62b699dd28 AT nifty DOT ne DOT jp> | |
| <ZzHyhoWnNvkTQYW- AT calimero DOT vinschen DOT de> | |
| <20241111211953 DOT 605b186566ce3a44ca929788 AT nifty DOT ne DOT jp> | |
| <ZzIIO2NxmdYpox2A AT calimero DOT vinschen DOT de> | |
| <20241112042937 DOT 740185a42d476993b4b1e31c AT nifty DOT ne DOT jp> | |
| MIME-Version: | 1.0 |
| In-Reply-To: | <20241112042937.740185a42d476993b4b1e31c@nifty.ne.jp> |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.30 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Unsubscribe: | <https://cygwin.com/mailman/options/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe> | |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| From: | Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com> |
| Reply-To: | cygwin AT cygwin DOT com |
| Cc: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| Errors-To: | cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com |
| Sender: | "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com> |
On Nov 12 04:29, Takashi Yano via Cygwin wrote: > On Mon, 11 Nov 2024 14:35:55 +0100 > Corinna Vinschen wrote: > > On Nov 11 21:19, Takashi Yano via Cygwin wrote: > > > On Mon, 11 Nov 2024 13:03:18 +0100 > > > Corinna Vinschen wrote: > > > > On Nov 11 20:40, Takashi Yano via Cygwin wrote: > > > > > On Mon, 11 Nov 2024 20:32:02 +0900 > > > > > Takashi Yano via Cygwin <cygwin AT cygwin DOT com> wrote: > > > > > > Even with this patch, the file: > > > > > > > > > > > > yano $ touch samba_test_file.txt > > > > > > yano $ ls -l samba_test_files.txt > > > > > > -rw-r--r-- 1 yano yano 0 Nov 11 20:25 samba_test_file.txt > > > > > > > > > > Oops! This was wrong. > > > > > -rw-r--r-- 1 Unknown+User Unix_Group+1000 0 Nov 11 20:25 samba_test_file.txt > > > > > > > > That's Samba for you. I applied your patch and created a file > > > > on my share, and the Authenticated Users group was not in the > > > > resulting ACL. Only user, group, and Everyone. > > > > > > > > Either way, I don't think this is the right thing to do. Even if > > > > the group isn't added to the ACL on my machine, it still loks like > > > > a security problem in waiting. > > > > > > Isn't this DACL here used only for access_check() (NtAccessCheck())? > > > In my environment, the Authenticated Users does not appear in the ACL > > > too. > > > > Oh, yeah, right, *blush*. > > > > But it's still not the right thing to do. You convert the Samba ACL > > to a Windows ACL which gives Authenticated Users full permissions. > > So the check_access() function will return false positives, because > > every authenticated user is in the Authenticated Users group and has > > supposedly FILE_ALL_ACCESS. Even if the actual function (read, write, > > execute) will fail, the access() function will claim that every > > authenticated user has RWX perms. > > Ah, right. I have just confirmed that behaviour... > > > AFAICS, the underlying problem is somehow the user mapping. Did you > > try with username map = /foo/bar? > > Yes. However, my user name is 'yano' both in server (Linux) and > client (Windows 10) side. So, I think there is no effect of > 'username map'. I have something like corinna = MY_DOMAIN\corinna in there. Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |