On Nov 11 19:31, Takashi Yano via Cygwin wrote: > On Fri, 8 Nov 2024 14:11:40 +0100 > Corinna Vinschen wrote: > > If the server is a Samba share, check if `force unknown acl user = yes' > > and for the share itself, check that > > > > read only = No > > vfs objects = acl_xattr > ^^^^^^^^^^^^^^^^^^^^^^^ > Thanks! This makes things better. > At least x permissions are set to executable compiled by gcc. > > However, something is still wrong in my environment.... > Others permission seems to be reffered in some cases.
I don't understand. Please run icacls for a just created file on your Samba share (without the below patch) as well as Windows' `whoami /all'. > > map acl inherit = Yes > > store dos attributes = Yes > > > > Not sure if that helps, but I don't have any other idea. I'm running > > Samba in an AD environment and "it works for me" :-P > > I looked into this probelm and found the NtAccessCheck() fails > for my samba environment. > > It seems that next patch solves this. > > diff --git a/winsup/cygwin/sec/base.cc b/winsup/cygwin/sec/base.cc > index d5e39d281..c519af6e0 100644 > --- a/winsup/cygwin/sec/base.cc > +++ b/winsup/cygwin/sec/base.cc > @@ -681,6 +681,9 @@ convert_samba_sd (security_descriptor &sd_ret) > ace->Header.AceFlags)) > return; > } > + /* Samba without AD seems to need this. */ > + add_access_allowed_ace (acl, FILE_ALL_ACCESS, > + well_known_authenticated_users_sid, acl_len, 0); > acl->AclSize = acl_len; > > RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION); > > What do you think? Giving all authenticated users full permissions to all your files? Unconditionally? That sounds like opening a security hole wide open. Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
