On 04.04.2011 18:25, Chris Smith wrote:
On Mon, Apr 4, 2011 at 11:41 AM, Felix Brack<[email protected]> wrote:
# file: test-file
# owner: root
# group: root
user::rwx
group::rwx #effective:r--
group:Development:rwx #effective:r--
mask::r--
other::---
That's the same thing you would get if were logged into the system as
root and created the file. So it is an ACL issue.
# file: test-file
# owner: root
# group: root
user::rwx
group::rwx
group:Development:rwx
mask::rwx
other::---
At least now , If I am member of supplementary group 'Development', I should
have the same rights in directory 'test-directory' as if this was owned by
me (felix), right?
I would think so.
I don't know entirely what you want to accompplish, but it may be better to:
chgrp -R Development test-directory
What I am trying to accomplish is pretty simple: assigning access rights
to one ore more groups instead user(s).
Therefore changing the group with chgrp to 'Development' is most
definitely not what I want: what if there is more then one group? This
is what ACLs are used for: giving additional groups and users special
rights to access files. Moreover changing the group does not work, only
changing the owner (I already tried that). This is in fact what the
problem is all about. To put it simple: samba only seems to care about
the _user_ connecting to the share and ignores any other rights for that
user that might be assigned to him or her by means of group membership
(normal or defined by ACLs).
And eliminate:
force group = Development
invalid users = root administrator
from the share.
While adding:
valid users = +Development (and any other groups you want have access)
Eliminating 'force group' is not a good idea (for now) since it tells
smbd that connections should be established using group 'Development'.
It has nothing to do with access rights and I use it just as safety
precaution to make sure my client does not get connect as member of
group 'Domain Users'; if this would really happen I (or samba) could
have serious problems accessing the share.
The -s- flag will propagate new files and directories with the
Development group.
Basically a performance issue. See the section "Override controls" in:
http://samba.org/samba/docs/man/Samba-Guide/kerberos.html#id2613307
Agreed. As soon as everything is working I will try to remove 'force
group' and look if samba accesses the share with access rights defined
for group 'Development' instead of group 'Domain Users'.
Felix
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
