Dear group,

My understanding of how read, write and admin access to a share work
differs from what I observe.

What I understood from the documentation is that
*       if there's a read list, the users in this list have ONLY read
access, no matter what the unix file/dir bits say
*       the read list is superseded by the write list. Users can write
IF the underlying unix-FS permits it.
*       admin users have rw-access to every file, no matter who the
owner is.

I am asking, because what I want is
*       Group A with admin access, so they can delete ALL files, no
matter who created them,
*       Group W with write access, with every user able to create files,
and able to delete his own, only,
*       Group R with read-only access. These users should only be able
to SEE what the others wrote.

In my samba-config it says:
*       write list   = @W
*       admin users  = @A
*       read list    = @R
*       force create mode = 775
*       force directory mode = 755 # default

I have a directory which has the unix bits 777:
*       drwxrwxrwx+ 2 vjuser vjusers 8192 Jan  4 10:32 Archive

But smbcacls says:
        > smbcacls //serverA/share Archive -U "DOMAIN/vo03a"
        OWNER:serverA\vjuser
        GROUP:serverA\vjusers
        ACL:DOMAIN\W:ALLOWED/3/READ
        ACL:DOMAIN\A:ALLOWED/3/FULL
        ACL:DOMAIN\R:ALLOWED/3/READ
        ACL:serverA\vjuser:ALLOWED/0/FULL
        ACL:serverA\vjusers:ALLOWED/0/READ
        ACL:\Everyone:ALLOWED/0/FULL
        ACL:\CREATOR OWNER:ALLOWED/11/FULL
        ACL:\CREATOR GROUP:ALLOWED/11/READ
        ACL:\Everyone:ALLOWED/11/


And I can't change this with smbcacls:

vo03a is a member of A:
        > getent group A
        A:x:16782746:xx55x,ha06t,vo03a,ju02i,bri0002k,pos0002s,kn01r,ni05s

xxx0422z is a member of W:
        > getent group W
        W:x:16782751:xxx0422z

Did I at least understand the purpose of the different lists right?
Anyone with experience using these lists?

I don't think it matters, but the domain is a win2000SP1 domain, serverA
is just samba, no domain function. The groups are defined at domain
level, as the users are.

Any advice is appreciated.

Regards,
Alexander
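
An added example, not part of the original message: a small Python parser for the `ACL:` lines in the smbcacls output quoted above, separating entries that apply to Archive itself from inherit-only ones and listing which trustees are allowed write. It assumes the numeric middle field is the inheritance-flag bitmask printed in decimal (so 11 = OI|CI|IO), and it ignores DENIED entries and group membership.

```python
# Constructed sample: the ACL lines from the smbcacls output quoted in the message.
SAMPLE = r"""
OWNER:serverA\vjuser
GROUP:serverA\vjusers
ACL:DOMAIN\W:ALLOWED/3/READ
ACL:DOMAIN\A:ALLOWED/3/FULL
ACL:DOMAIN\R:ALLOWED/3/READ
ACL:serverA\vjuser:ALLOWED/0/FULL
ACL:serverA\vjusers:ALLOWED/0/READ
ACL:\Everyone:ALLOWED/0/FULL
ACL:\CREATOR OWNER:ALLOWED/11/FULL
ACL:\CREATOR GROUP:ALLOWED/11/READ
ACL:\Everyone:ALLOWED/11/
"""

# Inheritance flag bits and named masks as listed in smbcacls(1).
FLAG_BITS = {0x1: "OI", 0x2: "CI", 0x4: "NP", 0x8: "IO", 0x10: "I"}
NAMED_MASKS = {"READ": "RX", "CHANGE": "RXWD", "FULL": "RWXDPO"}

def parse_acl(text):
    """Return one dict per ACL: line (trustee, type, flags, rights)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("ACL:"):
            continue  # OWNER:/GROUP: lines and blanks are skipped
        trustee, _, spec = line[4:].rpartition(":")
        ace_type, flags, mask = spec.split("/", 2)
        try:  # assumption: a bare number is decimal, "0x.." is hex
            bits = int(flags, 0)
            names = {n for b, n in FLAG_BITS.items() if bits & b}
        except ValueError:  # symbolic form such as "OI|CI"
            names = set(flags.split("|")) - {""}
        entries.append({"trustee": trustee, "type": ace_type, "flags": names,
                        "rights": NAMED_MASKS.get(mask, mask)})
    return entries

def writers(entries, inherit_only=False):
    """Trustees allowed W: on the object itself, or only on new children."""
    return [e["trustee"] for e in entries
            if e["type"] == "ALLOWED" and "W" in e["rights"]
            and ("IO" in e["flags"]) == inherit_only]

if __name__ == "__main__":
    acl = parse_acl(SAMPLE)
    print("write on Archive itself:", writers(acl))
    print("write inherited by new children only:", writers(acl, True))
```
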