Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com From: Corinna Vinschen Date: Wed, 13 Dec 2000 11:30:14 +0100 X-Mailer: KMail [version 1.1.99] Content-Type: text/plain; charset="us-ascii" Cc: cygwin AT sources DOT redhat DOT com To: cygwin References: <3A368A98 DOT C1CE59BE AT ece DOT gatech DOT edu> In-Reply-To: <3A368A98.C1CE59BE@ece.gatech.edu> Subject: Re: CVS permissions problem with network drive MIME-Version: 1.0 Message-Id: <0012131108080H.05746@cygbert> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id FAA00183 On Tuesday 12 December 2000 21:29, Charles Wilson wrote: > I'm not sure how NTSEC/noNTSEC permissions and SAMBA interact. My > short tests show that I can create and delete files and directories > on a *SMB* share (hosted on WinNT, not a SAMBA share hosted on > linux/unix/etc). SAMBA supports access control lists but it doesn't support creating files with your Windows identity of course. So it uses the identity of the Linux user you used for logon. > However, even in my tests, these files and directories are created > read-only, and chmod fails. (Yet I can still delete the > files/directories). > > $ cd //host/share > $ umask > 002 > > # FILES > > $ touch foo > $ ld -l foo > -r--r--r-- 1 1002 None 0 Dec 12 15:21 foo > $ chmod +w foo > chmod: foo: Permission denied > $ chmod 666 foo > chmod: foo: Permission denied > $ rm foo > $ ls -l foo > ls: foo: No such file or directory > > # DIRECTORIES > > $ mkdir foo > $ ls -ld foo > dr-xr-xr-x 1 1002 None 0 Dec 12 15:19 foo > $ chmod +w foo > chmod: foo: Permission denied > $ chmod 777 foo > chmod: foo: Permission denied > $ cd foo > $ touch bar > touch: bar: Permission denied > $ cd //host/share > $ rmdir foo > $ ls -l foo > ls: foo: No such file or directory > > Since even in these simple cases, permissions and 'writeability' > fails on SMB shares, I am not surprised that CVS also fails on SMB > shares. > > Corinna, oh-expert-of-all-that-is-nt-security, can you shed some > light on this situation? Chuck, I would really like to do this but it works for me. If I only would know the difference between your and my system... I tried the same scenario as you above. `cvaio' is a W2K box. $ cd //cvaio/corinna $ umask 2 # FILES $ ls -l foo -rw-rw-r-- 1 corinna root 0 Dec 13 09:52 foo $ chmod 666 foo $ ls -l foo -rw-rw-rw- 1 corinna root 0 Dec 13 09:52 foo # DIRECTORIES $ mkdir foo $ ls -ld foo drwxrwxr-x 1 corinna root 0 Dec 13 09:53 foo $ chmod 777 foo $ ls -ld foo drwxrwxrwx 1 corinna root 0 Dec 13 09:53 foo $ cd foo $ pwd //corinna/corinna/foo So far the Windows SMB tests. Let's have a look to Samba now. The same as above but on a Samba share. `cygbert' is a Linux box running Samba 2.0.7 $ cd //cygbert/corinna # FILES $ touch foo $ ls -l foo -rw-r--r-- 1 2000 1201 0 Dec 13 09:58 foo /cygbert/corinna[59]$ chmod 666 foo chmod: foo: Permission denied /cygbert/corinna[60]$ ls -l foo -rw-r--r-- 1 2000 1201 0 Dec 13 09:58 foo Ok, let's forget the directories here. Why does `chmod' fail on the Samba share? You see the missing names in the `ls -l' output? Ok, the reason is that the user and group ids are not mentioned in your /etc/passwd. What's the meaning of `2000' and `1201' here? Samba creates SIDs from UIDs and GIDs by using it's own system SID (created when smbd is started for the first time) and computing the RID as follows: users-RID = 1000 + 2 * Linux-UID group-RID = 1001 + 2 * Linux-GID In the above example 2000 means UID=500 (1000 + 2 * 500 = 2000) and 1201 means GID 100 (1001 + 2 * 100 = 1201) You can avoid the above `Permission denied' problem by adding the Linux user and group to /etc/passwd and /etc/group: Next obvious question: Where to get the SID of my Linux box??? Answer: locate `MACHINE.SID'. In my example: /etc/passwd: cv_cyg::2000:1201:Corinna on Cygbert,S-1-5-21-2995888091-1469122872-890212507-2000:/e:/bin/tcsh /etc/group: user_cyg:S-1-5-21-2995888091-1469122872-890212507-1201:1201: Which results in the following change when trying the above example again: $ touch foo $ ls -l foo -rw-r--r-- 1 cv_cyg user_cyg 0 Dec 13 11:09 foo $ chmod 666 foo $ ls -l foo -rw-rw-rw- 1 cv_cyg user_cyg 0 Dec 13 11:09 foo BUT: Don't expect to be able to use all permission variations on a Samba share. For some reason Samba changes the permission bits silently to a "useful" (from it's own point of view) combination. Example: $ chmod 702 foo $ ls -l foo -rwxrw-rw- 1 cv_cyg user_cyg 0 Dec 13 11:09 foo Weird, isn't it? In brief: - No write and exec permissions without read permissions. - User permissions >= group permissions >= world permissions. Hope, that helps, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin AT cygwin DOT com Red Hat, Inc. -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com