On Fri, 12 Feb 2010 14:39:05 -0800 "Robert Edgar" <[email protected]> wrote:
> Files on my Vista mount always have the S mode (setgid bit?) set according > to ls -l. This is a security hole and causes other problems. I can't clear > the bit with chmod; in fact the results of doing chmod don't make any sense > to me (I'll be glad to provide examples). Typical files show as -rwxrwSrwx, > though not all. The smb.conf file has create mask 0666 and directory mask > 0777 various places. I inherited this smb.conf so am reluctant to mess with > it since I don't know what I'm doing. > Thanks for any advice. > Robert. > > I assuming this is using Linux CIFS? Older Linux CIFS versions set the file_mode to 02767. That has the setgid bit set, but the group execute bit is cleared. That's not really a security issue -- that combination is supposed to signal to the kernel that it should enforce mandatory locking. The problem though is that we don't really want or need the kernel to enforce that. Thus, more recent Linux kernel versions set the mode to something a bit more sane (0755, IIRC). You can override that on the one you're running by setting the file_mode= mount option (see the mount.cifs manpage). -- Jeff Layton <[email protected]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
