-rw-r--r--source3/smbd/file_access.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index a248dd9f3b..9c77f9e961 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -89,7 +89,8 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
}
#ifdef S_ISVTX
- /* sticky bit means delete only by owner or root. */
+ /* sticky bit means delete only by owner of file or by root or
+ * by owner of directory. */
if (sbuf.st_ex_mode & S_ISVTX) {
SMB_STRUCT_STAT sbuf_file;
if(SMB_VFS_STAT(conn, fname, &sbuf_file) != 0) {
@@ -98,14 +99,24 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
* yes we'll be able to delete it. */
return True;
}
+ DEBUG(10,("can_delete_file_in_directory: can't "
+ "stat file %s (%s)",
+ fname, strerror(errno) ));
return False;
}
/*
* Patch from SATOH Fumiyasu <fumiyas@miraclelinux.com>
* for bug #3348. Don't assume owning sticky bit
* directory means write access allowed.
+ * Fail to delete if we're not the owner of the file,
+ * or the owner of the directory as we have no possible
+ * chance of deleting. Otherwise, go on and check the ACL.
*/
- if (conn->server_info->utok.uid != sbuf_file.st_ex_uid) {
+ if ((conn->server_info->utok.uid != sbuf.st_ex_uid) &&
+ (conn->server_info->utok.uid != sbuf_file.st_ex_uid)) {
+ DEBUG(10,("can_delete_file_in_directory: not "
+ "owner of file %s or directory %s",
+ fname, dname));
return False;
}
}
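Review bot: Both added DEBUG(10, ...) calls build their message without a trailing newline, so at log level 10 the text will run into the next log entry; end the format strings with `\n`, i.e. `"stat file %s (%s)\n"` and `"owner of file %s or directory %s\n"`. Separately, the new two-way uid comparison relies on sbuf_file as filled by the SMB_VFS_STAT call at the top of the sticky-bit block. If fname can name a symlink, that is presumably the owner of the link target rather than of the directory entry itself, which is not what the kernel's sticky-bit rule looks at, so it is worth confirming whether an lstat-style call is the right source for this ownership check. The comment also mentions root, but no uid 0 exemption is visible in this hunk; the function begins and ends outside it, so that case may be handled earlier.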