Discussion:
[Samba] samba howto: sticky bit on directories
Werner Durgarten
2011-03-25 14:23:01 UTC
Hi List,

The Samba Howto Collection http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id2611229 says:

"When the set user or group ID bit (s) is set on a directory, then all files created within it will be owned by the user and/or group whose `set user or group' bit is set. "

While I cannot reproduce this behavior, Wikipedia says:
http://en.wikipedia.org/wiki/Setuid#setuid_and_setgid_on_directories

"The setuid permission set on a directory is ignored on UNIX and Linux systems "

Either there is an error in the howto, or maybe it's just time for me to start the weekend ;-)

regards

Werner
Werner Durgarten
2011-03-25 14:28:43 UTC
... sorry wrong subject in previous post: setuid would have been correct ...
Moray Henderson
2011-03-28 09:02:29 UTC
Post by Werner Durgarten
The Samba Howto Collection http://www.samba.org/samba/docs/man/Samba-
"When the set user or group ID bit (s) is set on a directory, then all
files created within it will be owned by the user and/or group whose
`set user or group' bit is set. "
http://en.wikipedia.org/wiki/Setuid#setuid_and_setgid_on_directories
"The setuid permission set on a directory is ignored on UNIX and Linux systems "
either there is an error in the howto, or maybe its just time for me to
start the weekend ;-)
On CentOS 5.4, the section "26.1 Structure of File Permissions" in "info chmod" states that the setuid bit has no effect on directories, but that the setgid bit does, on some systems, set the gid of files created in the directory.

The setgid bit certainly works for Samba group directories; we've never tried setuid. I guess it may have worked in the past, but doesn't any more. Try it from the command line: if it doesn't work there, it won't from Samba.



Moray.
"To err is human; to purr, feline."
Daniel Müller
2011-03-28 11:07:08 UTC
This is working with samba sernet newest release:
This is setting the bit for the group even with msoffice-files correctly
directory mask=2770
force directory mode=2770
create mask = 2770
force create mode=2770
force security mode=2770
force directory security mode=2770

On Fri, 25 Mar 2011 15:23:01 +0100, "Werner Durgarten"
Post by Werner Durgarten
Hi List,
The Samba Howto Collection
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id2611229
"When the set user or group ID bit (s) is set on a directory, then all
files created within it will be owned by the user and/or group whose
`set user or group' bit is set. "
http://en.wikipedia.org/wiki/Setuid#setuid_and_setgid_on_directories
"The setuid permission set on a directory is ignored on UNIX and Linux systems "
either there is an error in the howto, or maybe its just time for me to
start the weekend ;-)
regards
Werner
Linda Walsh
2011-03-29 02:24:17 UTC
Post by Daniel Müller
This is setting the bit for the group even with msoffice-files correctly
directory mask=2770
force directory mode=2770
create mask = 2770
force create mode=2770
force security mode=2770
force directory security mode=2770
----
Unfortunately, I don't think the 'local linux' version allows the
setUID functionality to work on directories.

SetGID and allowing the propagation of the GID _does_ work.

I'd guess on the reasoning: on any linux I've run on, users can't give
away files to other users. Allowing this 'bit' to work would effectively
do the same thing.
Daniel Müller
2011-03-29 11:05:01 UTC
Hm!! But I do it on CentOS 5.5, it is working
Post by Linda Walsh
Post by Daniel Müller
This is setting the bit for the group even with msoffice-files correctly
directory mask=2770
force directory mode=2770
create mask = 2770
force create mode=2770
force security mode=2770
force directory security mode=2770
----
Unfortunately, I don't think the 'local linux' version allows the
setUID functionality to work on directories.
SetGID and allowing the propagation of the GID _does_ work.
I'd guess on the reasoning: on any linux I've run on, users can't give
away files to other users. Allowing this 'bit' to work would
effectively do the same thing.
Linda Walsh
2011-04-01 19:17:15 UTC
Post by Daniel Müller
Post by Linda Walsh
Post by Daniel Müller
This is setting the bit for the group even with msoffice-files correctly
directory mask=2770
force directory mode=2770
create mask = 2770
force create mode=2770
force security mode=2770
force directory security mode=2770
----
Unfortunately, I don't think the 'local linux' version allows the
setUID functionality to work on directories.
SetGID and allowing the propagation of the GID _does_ work.
I'd guess on the reasoning: on any linux I've run on, users can't give
away files to other users. Allowing this 'bit' to work would
effectively do the same thing.
--------
Hm!! but I do it on centos 5.5 , it is working
----------

You do what? You mean you, for example:

mkdir ~/suid-test-dir
chmod 777 ~/suid-test-dir
sudo chown daemon.daemon ~/suid-test-dir
sudo chmod u+s,g+s ~/suid-test-dir
touch ~/suid-test-dir/file

Now what are the user and group set on the file?

I see the file's "user" still set to me (i.e. setuid on dir didn't work),
though the file's "group" is set to 'daemon' (i.e. setgid on dir does work).

You are saying that on centos, both the user and group of 'file' are
*both* set to 'daemon'?
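
The command-line check discussed in this thread, as a self-contained script (an added example, not part of any post). It follows the same mkdir/chmod/chown/chmod sequence and prints numeric owners so the result can be compared directly; the function names and the use of uid/gid 1 as "someone else" are assumptions, and the setuid half only shows a difference when run as root.

```shell
#!/bin/sh
# Added example: which of setuid / setgid on a directory affects new files?
# Prints "creator=<uid> dir=<uid>:<gid> file=<uid>:<gid>".

# Numeric owner:group of a path, taken from `ls -dn` (fields 3 and 4).
owner_of() {
    ls -dn "$1" | awk '{ print $3 ":" $4 }'
}

dir_bit_test() {
    d=$(mktemp -d) || return 1
    chmod 777 "$d"
    if [ "$(id -u)" -eq 0 ]; then
        # root can give the directory away; uid/gid 1 is an assumed
        # "someone else" (daemon on most Linux systems).
        chown 1:1 "$d" 2>/dev/null || true
    else
        # Non-root users can only chgrp to a group they belong to, so try
        # each supplementary group; the directory owner stays the creator.
        for g in $(id -G); do
            if [ "$g" != "$(id -g)" ] && chgrp "$g" "$d" 2>/dev/null; then
                break
            fi
        done
    fi
    chmod u+s,g+s "$d"
    touch "$d/file"
    echo "creator=$(id -u) dir=$(owner_of "$d") file=$(owner_of "$d/file")"
    rm -rf "$d"
}

dir_bit_test
```

On Linux the file's uid matches the creator and its gid matches the directory's gid.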
