From 5cef57ff7d899773a084d23838b7f18a83f6e79d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 11 Jun 2009 12:51:45 -0700 Subject: Fix bug #6297 - owner of sticky directory cannot delete files created by others. The reason we couldn't delete was we were erroring out early if requestor was not the owner of the file we wanted to delete, instead of checking if the requestor owned the directory as well. If either of these is true, we must go on and check the ACL. Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update the bug report with patches for 3.4.0 and 3.3.next and ask vl to review. Jeremy. --- source3/smbd/file_access.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index a248dd9f3b..9c77f9e961 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -89,7 +89,8 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname) } #ifdef S_ISVTX - /* sticky bit means delete only by owner or root. */ + /* sticky bit means delete only by owner of file or by root or + * by owner of directory. */ if (sbuf.st_ex_mode & S_ISVTX) { SMB_STRUCT_STAT sbuf_file; if(SMB_VFS_STAT(conn, fname, &sbuf_file) != 0) { @@ -98,14 +99,24 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname) * yes we'll be able to delete it. */ return True; } + DEBUG(10,("can_delete_file_in_directory: can't " + "stat file %s (%s)", + fname, strerror(errno) )); return False; } /* * Patch from SATOH Fumiyasu * for bug #3348. Don't assume owning sticky bit * directory means write access allowed. + * Fail to delete if we're not the owner of the file, + * or the owner of the directory as we have no possible + * chance of deleting. Otherwise, go on and check the ACL. */ - if (conn->server_info->utok.uid != sbuf_file.st_ex_uid) { + if ((conn->server_info->utok.uid != sbuf.st_ex_uid) && + (conn->server_info->utok.uid != sbuf_file.st_ex_uid)) { + DEBUG(10,("can_delete_file_in_directory: not " + "owner of file %s or directory %s", + fname, dname)); return False; } } -- cgit