diff options
author | Jeremy Allison <jra@samba.org> | 2011-03-30 18:00:09 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2011-03-30 18:01:19 -0700 |
commit | f9a2f4f47c71e5054c05703e72c24f2f5a87d993 (patch) | |
tree | 9fa094086309602e548c577dd73e1d3f55d83873 /source3/smbd/dosmode.c | |
parent | cf5ed92bb78806403a857b371ef15f985a4e2b64 (diff) | |
download | samba-f9a2f4f47c71e5054c05703e72c24f2f5a87d993.tar.gz samba-f9a2f4f47c71e5054c05703e72c24f2f5a87d993.tar.xz samba-f9a2f4f47c71e5054c05703e72c24f2f5a87d993.zip |
Fix bug #7996 - sgid bit lost on folder rename.
Refuse to set dos attributes into unix mode bits on such a
folder.
Diffstat (limited to 'source3/smbd/dosmode.c')
-rw-r--r-- | source3/smbd/dosmode.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 0e45e88d8d..1ea4c686d5 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -798,6 +798,27 @@ int file_set_dosmode(connection_struct *conn, struct smb_filename *smb_fname, unixmode |= (smb_fname->st.st_ex_mode & (S_IWUSR|S_IWGRP|S_IWOTH)); } + /* + * From the chmod 2 man page: + * + * "If the calling process is not privileged, and the group of the file + * does not match the effective group ID of the process or one of its + * supplementary group IDs, the S_ISGID bit will be turned off, but + * this will not cause an error to be returned." + * + * Simply refuse to do the chmod in this case. + */ + + if (S_ISDIR(smb_fname->st.st_ex_mode) && (unixmode & S_ISGID) && + geteuid() != sec_initial_uid() && + !current_user_in_group(conn, smb_fname->st.st_ex_gid)) { + DEBUG(3,("file_set_dosmode: setgid bit cannot be " + "set for directory %s\n", + smb_fname_str_dbg(smb_fname))); + errno = EPERM; + return -1; + } + ret = SMB_VFS_CHMOD(conn, smb_fname->base_name, unixmode); if (ret == 0) { if(!newfile || (lret != -1)) { |