https://bugs.kde.org/show_bug.cgi?id=407975

Harald Sitter <sit...@kde.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sit...@kde.org

--- Comment #1 from Harald Sitter <sit...@kde.org> ---
This is a bit more involved than what is described: To traverse any directory
the user (that is the user logged into the Samba share) needs to have +x on all
parenting directories of the folder they are trying to navigate. That isn't
specific to home, nor is it specifically about the home directory.
Namely whenever a share is created we should actually walk up the dir tree and
+x on all directories. And that +x is also a bit tricky because either you set
all +x or you figure out which +x needs setting (in POSIX ACL or mode, as
available and applicable). I am not sure what the security implications of +x
exactly are, but forcing +x on everything seems a bit questionable.

Windows fundamentally has the same problem btw, and they've made a share wizard
to deal with this. Because in the end this is just one example of the eternal
conflict ShareACL != FileSystemACL. I.e. just because you give a user access on
a share level doesn't mean they have access on a file system level. So with
their wizard you just say userX should have RW access and userY should have R
access. The wizard then bends both types of ACLs into place all the way up the
directory tree so they meet the expected outcome. I feel like that may be where
we should go too.

Advanced users on the other hand could totally avoid the wizard and instead
fiddle with the ACLs and have constructs like fullcontrol for everyone on a
share level but then restrict effective access via the file system (that is
actually how Windows wizard shares work I think; they share the top most
directory and then adjust NTFS permissions below that).

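The traversal requirement from comment #1 can be audited without changing any permissions. The following is an added example, not part of the bug report or of KDE's code: it lists which directories between / and a share path deny +x to a given user. It assumes plain mode bits only (POSIX ACLs are ignored); `can_search` and `blocking_dirs` are hypothetical helper names.

```python
import os
import stat
from pathlib import Path


def can_search(st, uid, gids):
    """Mode-bit check for directory search (+x). POSIX ACLs are NOT evaluated."""
    if uid == 0:
        return True  # root bypasses directory search permission checks
    # POSIX selects exactly one permission class; the classes are not OR-ed.
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def blocking_dirs(share_path, uid, gids):
    """Return every directory from / down to share_path that denies +x to uid/gids."""
    target = Path(os.path.realpath(share_path))  # resolve symlinks first
    chain = [target, *target.parents][::-1]      # root first, share last
    return [str(d) for d in chain if not can_search(os.stat(d), uid, gids)]


if __name__ == "__main__":
    import pwd  # Unix only
    import sys

    # usage: script.py <share path> <user name>
    user = pwd.getpwnam(sys.argv[2])
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for d in blocking_dirs(sys.argv[1], user.pw_uid, gids):
        mode = stat.filemode(os.stat(d).st_mode)
        print(f"no +x for {user.pw_name}: {d} ({mode})")
```

Run it as a user who can already stat the whole path (the owner or root), since the script itself needs to traverse the tree it inspects.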