actually, is it normal that newly created content or copied
content, lets say folders, do not show anything in the
security tab in windows,
I mean there are not ticks under neither "Allow" nor "Deny"
only after these security setting are changed from within
windows ticks appear (have checked if using setfacl does the
same)
On 30/03/12 13:33, Aaron E. wrote:
you can set default permissions on the share folder using
something like this.. setfacl -m default:group:gid:perms
folder -- default perms are inherited..
On 03/30/2012 07:29 AM, lejeczek wrote:
actually it gets even more weird, from my perspective at
least
maybe it all works but not for empty folders
if there are no subfolders then everyone authenticated
has full control,
can delete the folder
permissions seem to begin to apply as soon as some
content ends up the
folder
but there is another thing
test\
testA
test.txt
testB
test.txt
if a user B was given, with means of windows client,
'Modify' permission
over testB and then this user creates test.txt in this
testB folder,
then nobody has access to the file apart from listing it,
cannot
open/read it
testA remained intact, userA created testA and test.txt
in it and
everybody can open/read test.txt
it seems like at the point where windows acl are added,
by adding a
user/permission to folder, that newly created file by
that added user
gets unix acl like this
# file: testB\test.txt
# owner: my_Buser
# group: Domain\040Users
user::rwx
user:my_Buser:rwx
group::---
mask::rwx
other::---
whereas testA\test.txt has no ACLs yet, in other words has:
# owner: my_Auser
# group: Domain\040Users
user::rwx
group::r--
other::r--
how to tell samba to make it readable to the group, by
default, at file
creation time?
many thanks
On 30/03/12 11:30, lejeczek wrote:
dear all
trivial kind of question for which I do apologize, but
it's sort of
puzzling
in a share when a windows client creates something samba
sets it as
755, yet another user can still delete, in this case a
folder
which part of configuration fixes it so it would behave
as expected?
what I have by default is:
acl check permissions = Yes
acl group control = No
acl map full control = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = No
inherit permissions = No
inherit acls = No
inherit owner = No
cheers
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
