[OpenIndiana-discuss] An odd permissions issue...

Edward Martinez mindbender_1 at live.com
Mon Feb 7 20:22:40 UTC 2011


On 02/07/11 11:41, Michelle Knight wrote:
> OK - this is going to be a difficult one to explain. Then again, I'm always
> known for coming across the strange stuff.
>
> Local box...
> Ubuntu 10.10
> User name "michelle" UID 1101
>   group name "michelle" UID 1101
>
> Remote box...
> OI 148
> User name "michelle" uid 1101
>   group name "michelle" UID 1101
> control group - "useradmin" uid 1200
>
> Remote box publishes a share by the name of "mirror" which is then mounted on
> the local client.
>
> To allow protection, but also access, the files in the user storage on the
> remote box are chown'ed to "<username>:useradmin" and chmod to 770 by a script
> every night. So if a user puts a file in during the day, a "useradmin" user is
> able to alter it the following day.
>
> In this case, "michelle:useradmin" ... so that a user administrator can get at
> the files, and also the owner can get at the files.
>
>
> The remote drive is mounted on the linux box as follows...
> sudo mount //192.168.0.2/mirror /home/michelle/Documents/mirror -o user=michelle,password=*********,file_mode=0777,dir_mode=0777
>
> On the local machine, all files on the remote share display as owned by
> root:root and chmod 777, but remote permissions are honored.
>
> So, as I am both mounted as myself and also I am a member of the useradmin
> group, I can manipulate all files on the remote system.
>
> However, there is a strange behaviour...
>
> On the share, a file which is as follows...
> test	michelle:useradmin 770
> ... can be browsed to and deleted regardless of whether the owner is
> "michelle:michelle" or "michelle:useradmin".
> IE. I can fully manipulate files.
>
> If I create a directory (before the maintenance script changes the ownership)
> it is created as "michelle:michelle" and I can delete it via the client with
> no issue.
>
> On a directory which is as follows...
> test	michelle:useradmin 770
> ...I get permission denied.
>
> Summary,
> A file which is either michelle:michelle or michelle:useradmin and set to 770,
> can be deleted through the samba mount.
> A directory which is set to michelle:michelle (770) can be deleted, but a file
> set to "michelle:useradmin" gets permission denied trying to delete it.
>
> It doesn't make sense to me.
>
     Hi,

    I think you need to grab a piece of paper and pencil and trace step 
by step the way you have set it up and see if a directory or file, etc. is 
not correctly configured, like tracing a program by hand to find a logical 
error.



-- 
Regards,
Edward