In map_nt_perms, any of FILE_READ_DATA, FILE_READ_EA or FILE_READ_ATTRIBUTES is mapped unconditionally to Unix read permission, and similarly for write permission.
This means that if I put a file on a Samba share where I explicitly left *only* FILE_READ_ATTRIBUTES and FILE_READ_EA, the file content silently becomes readable even though I decided (for very good reasons) otherwise.

I'd say that when a permission model is mapped to another permission model that has less or different granularity, the resulting permission should be a subset of the original one. This would guarantee that unwanted data exposure is impossible.

IMHO the only inconvenience that a strict/safer mapping would have is that the attempt to grant *only* a subset of read privileges would have no effect (a problem easily diagnosed and afforded without security risks, and with access failure as clear feedback).

A possible alternative is to map only FILE_READ_DATA to Unix Read and to map Unix Read to FILE_READ_DATA | FILE_READ_EA | FILE_READ_ATTRIBUTES. This leads to a lesser security exposure (which, however, is unavoidable, taking the Unix RWX security model for granted).

Am I missing something?
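The two mappings discussed in the message, as an added example (not part of the original post and not Samba's source): a simplified model of the read bits for a single rwx triplet that reports which NT rights end up granted beyond what was requested. The function names and the `excess_rights` check are hypothetical; the FILE_* values are the standard Windows access-mask constants.

```c
#include <stdint.h>
#include <stdio.h>

/* NT file access-mask bits (standard Windows values). */
#define FILE_READ_DATA        0x0001u
#define FILE_READ_EA          0x0008u
#define FILE_READ_ATTRIBUTES  0x0080u
#define NT_READ_BITS (FILE_READ_DATA | FILE_READ_EA | FILE_READ_ATTRIBUTES)

#define UNIX_R 04u /* read bit of one rwx triplet */

/* Permissive model: any read-type bit grants Unix read (behaviour described in the post). */
static unsigned nt_to_unix_any(uint32_t mask)
{
    return (mask & NT_READ_BITS) ? UNIX_R : 0;
}

/* Alternative from the post: only FILE_READ_DATA grants Unix read. */
static unsigned nt_to_unix_strict(uint32_t mask)
{
    return (mask & FILE_READ_DATA) ? UNIX_R : 0;
}

/* Unix read allows reading content and metadata alike. */
static uint32_t unix_to_nt(unsigned mode)
{
    return (mode & UNIX_R) ? NT_READ_BITS : 0;
}

/* NT rights effectively granted after the round trip that were NOT requested. */
static uint32_t excess_rights(uint32_t requested, unsigned (*map)(uint32_t))
{
    return unix_to_nt(map(requested)) & ~requested;
}

int main(void)
{
    const uint32_t meta_only = FILE_READ_EA | FILE_READ_ATTRIBUTES;

    printf("metadata-only ACE, permissive map: excess 0x%04x\n",
           (unsigned)excess_rights(meta_only, nt_to_unix_any));
    printf("metadata-only ACE, strict map:     excess 0x%04x\n",
           (unsigned)excess_rights(meta_only, nt_to_unix_strict));
    printf("data-only ACE, strict map:         excess 0x%04x\n",
           (unsigned)excess_rights(FILE_READ_DATA, nt_to_unix_strict));
    return 0;
}
```

A non-zero excess containing FILE_READ_DATA is the content exposure the post objects to; under the strict map the only remaining excess is metadata access granted alongside FILE_READ_DATA.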
