This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: CVS permissions problem with network drive

To: cygwin <cygwin at cygwin dot com>
Subject: Re: CVS permissions problem with network drive
From: Corinna Vinschen <cygwin at cygwin dot com>
Date: Wed, 13 Dec 2000 11:30:14 +0100
Cc: cygwin at sources dot redhat dot com
References: <OF4452111B.B0F21FC3-ON862569B2.00610F4F@mmm.com> <3A368A98.C1CE59BE@ece.gatech.edu>

On Tuesday 12 December 2000 21:29, Charles Wilson wrote:
> I'm not sure how NTSEC/noNTSEC permissions and SAMBA interact.  My
> short tests show that I can create and delete files and directories
> on a *SMB* share (hosted on WinNT, not a SAMBA share hosted on
> linux/unix/etc).

SAMBA supports access control lists but it doesn't support
creating files with your Windows identity of course. So
it uses the identity of the Linux user you used for logon.

> However, even in my tests, these files and directories are created
> read-only, and chmod fails. (Yet I can still delete the
> files/directories).
>
> $ cd //host/share
> $ umask
> 002
>
> # FILES
>
> $ touch foo
> $ ld -l foo
> -r--r--r--   1 1002     None            0 Dec 12 15:21 foo
> $ chmod +w foo
> chmod: foo: Permission denied
> $ chmod 666 foo
> chmod: foo: Permission denied
> $ rm foo
> $ ls -l foo
> ls: foo: No such file or directory
>
> # DIRECTORIES
>
> $ mkdir foo
> $ ls -ld foo
> dr-xr-xr-x   1 1002     None            0 Dec 12 15:19 foo
> $ chmod +w foo
> chmod: foo: Permission denied
> $ chmod 777 foo
> chmod: foo: Permission denied
> $ cd foo
> $ touch bar
> touch: bar: Permission denied
> $ cd //host/share
> $ rmdir foo
> $ ls -l foo
> ls: foo: No such file or directory
>
> Since even in these simple cases, permissions and 'writeability'
> fails on SMB shares, I am not surprised that CVS also fails on SMB
> shares.
>
> Corinna, oh-expert-of-all-that-is-nt-security, can you shed some
> light on this situation?

Chuck, I would really like to do this but it works for me.
If I only would know the difference between your and my system...

I tried the same scenario as you above. `cvaio' is a W2K box.

$ cd //cvaio/corinna
$ umask
2

# FILES

$ ls -l foo
-rw-rw-r--   1 corinna  root            0 Dec 13 09:52 foo
$ chmod 666 foo
$ ls -l foo
-rw-rw-rw-   1 corinna  root            0 Dec 13 09:52 foo

# DIRECTORIES

$ mkdir foo
$ ls -ld foo
drwxrwxr-x   1 corinna  root            0 Dec 13 09:53 foo
$ chmod 777 foo
$ ls -ld foo
drwxrwxrwx   1 corinna  root            0 Dec 13 09:53 foo
$ cd foo
$ pwd
//corinna/corinna/foo

So far the Windows SMB tests. Let's have a look to Samba now.

The same as above but on a Samba share. `cygbert' is a Linux box
running Samba 2.0.7

$ cd //cygbert/corinna

# FILES

$ touch foo
$ ls -l foo
-rw-r--r--   1 2000     1201            0 Dec 13 09:58 foo
/cygbert/corinna[59]$ chmod 666 foo
chmod: foo: Permission denied
/cygbert/corinna[60]$ ls -l foo
-rw-r--r--   1 2000     1201            0 Dec 13 09:58 foo

Ok, let's forget the directories here. Why does `chmod' fail
on the Samba share? You see the missing names in the `ls -l'
output? Ok, the reason is that the user and group ids are
not mentioned in your /etc/passwd. What's the meaning of
`2000' and `1201' here? Samba creates SIDs from UIDs and GIDs
by using it's own system SID (created when smbd is started for
the first time) and computing the RID as follows:

	users-RID = 1000 + 2 * Linux-UID
	group-RID = 1001 + 2 * Linux-GID

In the above example 2000 means UID=500 (1000 + 2 * 500 = 2000)
and 1201 means GID 100 (1001 + 2 * 100 = 1201)

You can avoid the above `Permission denied' problem by adding
the Linux user and group to /etc/passwd and /etc/group:

Next obvious question: Where to get the SID of my Linux box???
Answer: locate `MACHINE.SID'.

In my example:

/etc/passwd:
cv_cyg::2000:1201:Corinna on Cygbert,S-1-5-21-2995888091-1469122872-890212507-2000:/e:/bin/tcsh

/etc/group:
user_cyg:S-1-5-21-2995888091-1469122872-890212507-1201:1201:

Which results in the following change when trying the above
example again:

$ touch foo
$ ls -l foo
-rw-r--r--   1 cv_cyg   user_cyg        0 Dec 13 11:09 foo
$ chmod 666 foo
$ ls -l foo
-rw-rw-rw-   1 cv_cyg   user_cyg        0 Dec 13 11:09 foo

BUT: Don't expect to be able to use all permission variations on
a Samba share. For some reason Samba changes the permission bits
silently to a "useful" (from it's own point of view) combination.
Example:

$ chmod 702 foo
$ ls -l foo
-rwxrw-rw-   1 cv_cyg   user_cyg        0 Dec 13 11:09 foo

Weird, isn't it? In brief:
- No write and exec permissions without read permissions.
- User permissions >= group permissions >= world permissions.

Hope, that helps,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Follow-Ups:
- Re: CVS permissions problem with network drive
  - From: Charles Wilson

References:
- Re: CVS permissions problem with network drive
  - From: Charles Wilson

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]