On Tue, Feb 22, 2005 at 09:23:57AM +0100, Cisowski, Daniel wrote: > Hi all, > > I'm reposting because there was no response from the list. I'd be glad if > anybody could comment... > > I'm planning a migration from Sun Microsystems' PCNetLink CIFS service to > Samba and have a problem I cannot solve: > > Is there a possibility to map Windows ACLs to reflect the following: > > We have user groups with their own group directories. We need to provide > some users in their group directories the ability to > read/create/modify/remove files, but they must not be able to change > permissions on the files/directories. In particular they must not take > ownership of files they are not owners of. > > I've tried to test this using Samba 3.0.10 on Solaris 9 and compiled with > --with-acl-support. The configuration for my test share has the following > ACL relevant settings: > security mask = 0777 > force security mode = 0 > directory security mask = 0777 > force directory security mask = 0 > But, if I try to set the following permissions (all except Full Control): > Modify, > Read & Execute > List Folder Contents > Read > Write > using Windows Explorer connected to the share on a subdirectory of the > share, I get 777 on UNIX file system and my Windows client sees 'full > control'. > > I'd be glad if anybody could confirm if the situation described above is > normal Samba behavior or not and if my problem can be solved at all (using > Samba).
Ok, don't think of this as a Windows ACL problem, think of it as a POSIX ACL problem and try and create a solution using that. That's what Samba3 is using under the covers anyway. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
