Jay Flory schrieb: > > "Ralf Gross" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Jay Flory schrieb: > >> > I have a share (testshare) where different unix groups (testgroup1, > >> > testgroup2) should have access to. But I want that new files are only > >> > created with 660 permissions. > >> > > >> > Here are the ACL's of testshare: > >> > > >> > # file: testshare > >> > # owner: ralfgro > >> > # group: ve > >> > user::rwx > >> > group::rwx > >> > group:testgroup1:rwx > >> > group:testgroup2:rwx > >> > mask::rwx > >> > other::--- > >> > default:user::rwx > >> > default:group::--- > >> > default:group:testgroup1:rwx > >> > default:group:testgroup2:rwx > >> > default:mask::rwx > >> > default:other::--- > >> > [snip] > >> > I already played with the default mask ACL, but then I always ended > >> > with > >> > no > >> > executable bit on files _and_ directories which denies access to the > >> > new > >> > created directories... > >> > >> What would happen if you removed the default entries from your directory > >> ACLs? It looks to me like the default ACLs are being applied from the > >> directory to the newly created file. I believe that POSIX ACLs do this > >> by > >> design. > > > > But I need the default directory ACLs to give the 2 groups rights on > > all new created files and directories in this share, or am I wrong > > about this? The only thing I don't want is the executable bit on > > files. > > > I believe that Samba, with the "inherit acls = yes" setting, is designed to > set the permissions on the new subdirectories. The Definitive Guide to > Samba 3 puts it this way "When set to Yes, Samba copies a directory's ACLs > when creating subdirectories within it. The default value of No sets > directory permissions according to the directory mask, force directory mode, > and inherit permissions options instead". > > If I am correct then the default ACL entries on your directory is redundant > for new sub directories and interfering when Samba tries to set permissions > on the new files (inherit permissions).
I tried different settings, and it's basicially working with either 'inherit permissions' or 'inherit acls' + correct ACLs. But new files are still created with the x-bit. I'm beginning to think, that there is no way to prevent smb from setting this bit if the groups should get access to new created directories. My goal was: - different groups with (maybe different) rights on all new files/directories - file should have only 660 permissions (no x-bit) Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
