Hidiho!
I have two small problems and I hope anybody can help me.
First a short description, what I want to do:
We are moving lots of data from a win2k server to a samba 3.0 server (on a
debian woody). The win2k server is the pdc of our network and will not be
deactivated. The samba server will only act as a file server - so we
installed it on a patched debian with XFS and ACL-support (samba was also
compiled with ACL-support).
What we did and why we did it :
We have a lot of different ACLs for folders. Our first problem was, that
there were different ACLs for folders, their subfolders, subsubfolders and
so on. We often had the problem that user A shouldn�t read the files in
Folder A but should have write-access to subsubfolder C. The situation was
a bit tricky because I couldn�t use shares (it would need over 200) so I
solved it that way:
I created groups that were able to change into the subfolders but were not
able to read the files on the way to it. For this purpose I set for this
group the "Traverse Folder/Execute Files" on the whole directory and only
granted read- or write-access on specific folders.
Example:
Directory A: user A: r-x, user B: --- (traverse directory)
Subdirectoy A: user A: rwx, user B: --- (traverse directory)
Subsubdirectory A: user A: rwx, user B: r-x
Subsubdirectory B: user A: rwx, user B: --- (solved by "traverse
directory")
Subdirectory B: user A: r-x, user B: rwx
This worked very fine.
Now to my first problem:
I have to move the directories from win2k to samba. So I started the "Total
Commander" and copied one folder to samba ("copy NTFS permissions" was
activated)
On win2k user A had this permissions:
Folder A: user A: traverse folder
Subfolder A: user A: read files
If I copy this from Windows to Samba everything is fine (in 90% of all
cases, sometimes not, but I am not able to reproduce it).
Now I change the permissions to this directory because user B should have
write-access to subfolder A (I use the "Windows Explorer" to set the
permissions in samba):
Permissions should be:
Folder A: user B: traverse folder
Subfolder B: user B: write files
Permissions are:
Folder A: user B: read files
Subfolder B: user B: write files
I can reproduce this problem. I open the "Properties" of "Folder A" to set
"List folder contents"-permissions on this directory. I change to
"Advanced" to change the permissions in all subfolders and delete the old
permissions - and after this all folders and files are readable. :(
I found this work-arround: first I set the "List folder contents"
-permission and change it to all subfolders. Now I open the "Advanced"
windows and change the permissions to "traverse folder/execute files",
"read attributes" and "read permissions" (sorry if the names are wrong but
I�m working on a german windows and have no english reference at home).
This works but now I don�t see a tick at the "List folder content" in the
permission window (I also don�t see this tick after copying the files from
windows to samba) :(
This is really annoying because I can�t set new permissions without setting
permissions twice (and my work time is exploding).
Second problem:
Does anybody know, how to set this "List folder content" by a script. I
tried to set the permissions by "setfacl" (because I have a lot of
different groups with different ACLs for one folder) but the problem is: I
can only set "read", "write" or "execute"-permissions. If I only set
"execute" to the directories, I can change to every subfolder but I can�t
see any file/folder on the way to it (I must know the way to my subfolder).
So I asked the people who wrote the ACL-patch for XFS but they only told
me:
<quote> Windows doesn't have a permission that gives access to
sub-directories but not to files. <end of quote> (maybe they aren�t
familiar with windows permissions).
Maybe I use the wrong command - I googled a lot the last few days but there
isn�t much documentation about linux and ACLs :(
Can anybody help me with my two small problems (I will also appreciate
other solutions without "List folder contents")?
Thanx
Phil
Wer sich zu wichtig f�r kleine Aufgaben h�lt, ist meist zu klein f�r
wichtige Aufgaben.
Jacques Tati
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
