From: Axel Werner <[email protected]>
Date: Mon, 23 May 2011 12:49:17 +0200
(snip)
> I got a samba shared Directory like this:
>
> host:/someparentdirs/_AW_TEST# ls -lad .
> d---rws---+ 3 root root 4096 2011-05-23 10:33 .
> host:/someparentdirs/_AW_TEST#
>
> host:/someparentdirs/_AW_TEST# getfacl .
> # file: .
> # owner: root
> # group: root
> user::---
> group::---
> group:ALL:rwx
> group:CCIGUESTS:rwx
> mask::rwx
> other::---
> default:user::---
> default:group::---
> default:group:ALL:rwx
> default:mask::rwx
> default:other::---
>
> As you can see the Groups ALL are granted RWX. ANYTHING ELSE has been set
> to owner root.root with 000 Permissions.
(snip)
> NOW a given Regular Windows-User "wernera" which is MEMBER OF "ALL" is
> supposed to have READ-/WRITE PERMISSIONS on those Files, right?? At
> least I would expect that.
>
> But Fact is, that in this configuration my user "wernera" can only
> access these Files "READ ONLY", independent of what Windows Application
> used. He will be able to create new files and all. But those existing
> Files became READONLY for some reason.

As far as I examined on Samba 3.5.6, self-compiled on Lenny, where the ACLs were set to:

# file: aclshare3/
# owner: root
# group: root
user::---
group::rwx                   <---- owner group permission
group:aclshare3rw:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:aclshare3rw:rwx
default:mask::rwx
default:other::---

[aclshare3]
  path = /some/where/aclshare3
  writeable = yes
  force group = root
  inherit permissions = yes
;  inherit owner = yes
  store dos attributes = yes
  map archive = no
  map read only = no

Actually the owner group permission works as a "mask" value. When I set:

# setfacl -m m:rwx,g::--- aclshare3/

then no user can access the aclshare3 directory, and when I set:

# setfacl -m m:rwx,g::r-x aclshare3/

then no user can write to the aclshare3 directory.

Anyway, I recommend that root always have rwx on files when you use POSIX ACL to control access, like:

1) chown root; chgrp root
2) chmod g+rwx; setfacl -m g::rwx; setfacl -d -m g::rwx
3) set "force group = root"

---
TAKAHASHI Motonobu <[email protected]>
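
A check for the condition discussed in this thread, as an added example that is not part of the original post or of Samba: it parses getfacl output and lists named groups granted bits that the owning-group entry (group::) lacks, which the reply reports acts as a mask on Samba 3.5.6. The function names are hypothetical, and the sample ACL entries are the ones quoted above.

```python
# Added example, not from the original post. Assumption: the owning-group
# entry (group::) caps named-group access, as the reply reports for 3.5.6.

def parse_getfacl(text):
    """Map scope ('access'/'default') -> {(tag, qualifier): set of perms}."""
    acl = {"access": {}, "default": {}}
    for raw in text.splitlines():
        # Drop '# file:' headers and trailing '#effective:' notes.
        line = raw.split("#", 1)[0].strip()
        scope = "access"
        if line.startswith("default:"):
            scope, line = "default", line[len("default:"):]
        parts = line.split(":")
        if len(parts) == 3:
            tag, qualifier, perms = parts
            acl[scope][(tag, qualifier)] = set(perms) - {"-"}
    return acl

def capped_groups(text):
    """Return (scope, group, lost_bits) for each named group granted bits
    that the owning-group entry in the same scope does not have."""
    findings = []
    for scope, entries in parse_getfacl(text).items():
        owning = entries.get(("group", ""), set())
        for (tag, qualifier), perms in sorted(entries.items()):
            lost = perms - owning
            if tag == "group" and qualifier and lost:
                findings.append((scope, qualifier,
                                 "".join(b for b in "rwx" if b in lost)))
    return findings

# ACL entries quoted in the thread: the share that appeared read-only.
REPORTED = """# file: .
user::---
group::---
group:ALL:rwx
group:CCIGUESTS:rwx
mask::rwx
other::---
default:user::---
default:group::---
default:group:ALL:rwx
default:mask::rwx
default:other::---
"""

if __name__ == "__main__":
    for scope, group, lost in capped_groups(REPORTED):
        print(f"{scope}: group:{group} loses '{lost}' (group:: lacks it)")
```

An empty result means the owning-group entry already carries every bit the named groups are granted, which is the state the recommended setfacl -m g::rwx and setfacl -d -m g::rwx steps produce.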
