Mailinglist Archive: opensuse-security (232 mails)

< Previous Next >
Re: [suse-security] samba weirdness
  • From: Ariel Sabiguero Yawelak <asabigue@xxxxxxxxxxx>
  • Date: Wed, 12 Oct 2005 06:13:29 -0200
  • Message-id: <434CC5A9.30807@xxxxxxxxxxx>
Christian Boltz wrote:

Deleting a file requires write access to the _directory_ containing it.
So if user "samba_quota" has write access to the directory, he also can delete any file in it.

However, he can't delete files in a subdirectory (or the whole subdirectory) if he hasn't write permissions in that directory.
(But he can delete empty directories, to be complete.)

BTW: All I wrote isn't samba-specific.

Moreover, the simple action of removing a file from a directory does not mean that the file is going to be "really" removed. The file is going to be deleted if it only has 1 link left

#ls /storage
-rw-r--r-- 1 root root 137 Nov 22 2004 readme.txt

... but in the case of a file that has several links, you are only removing the link to the file that is under your control, which might have a different meaning than "removing a file". A user can choose which files his directory links to, regardless of the fact that the files belong to him or not :-)
Again, this is not samba-specific but might help understanding why there is a difference in having write access to a directory and read only access to a file... and being able to remove links to a file does not always mean being able to delete the file.



Christian Boltz

< Previous Next >