Jeremy Allison schrieb: > On Fri, Feb 29, 2008 at 11:26:48AM +0100, Ralf Gross wrote: > > Ralf Gross schrieb: > > > > > > I've a question about the 'dos filemode' option (samba 3.0.24, debian > > > etch). I > > > want to use this option to allow group members with write access to > > > add/change > > > permissions. > > > > > > man smb.conf: > > > > > > dos filemode (S) > > > only the owner of a file/directory is able to change the permissions on > > > it. > > > However, this behavior is often confusing to DOS/Windows users. > > > Enabling > > > this parameter allows a user who has write access to the file (by whatever > > > means) to modify the permissions (including ACL) on it. Note that a user > > > belonging to the group owning the file will not be allowed to change > > > permissions if the group is only granted read access. Ownership of the > > > file/directory may also be changed. > > > > > > > > > I am member of the group users, but I've no write access to the > > > directory. So > > > I'd think that I'm not allowed to add users or change permissions. But > > > this is > > > not true here. > > [...] > > > > This starts to be a real problem here... > > > > The 'dos filemode' option is not working as described in the man page. > > At least not for me. > > > > Following the man page, user with write permissions should be abel to > > change permission. But that's not what I observe here. > > > > - the owning group is always able to change the permissions, even if I > > remove all permissions for this group (group::---). > > > > - other users with write access are not allowed to change permissions > > (either with direct rwx permissions or as member of a group with rwx > > perms) > > The docs are confusing here. For permission control, > the semantics of the "acl group control" are being > replaced by "dos filemode". The docs for "acl group control" > state : > > In a POSIX filesystem, only the owner of a file or directory and the > superuser > can modify the permissions and ACLs on a file. If this parameter is set, > then > Samba overrides this restriction, and also allows the primary group owner of > a > file or directory to modify the permissions and ACLs on that file. > > which is what you are seeing. > > The internal code is : > [snip] > What we should do I think is add the text from "acl group control" to > the "dos filemode" text.
Thanks, for your response. Btw, there is also an open bug report about this: https://bugzilla.samba.org/show_bug.cgi?id=5255 So the behavior of the 'dos filemode' option and the 'acl group control' are mixed at the moment? I think the description of the 'dos filemode' option in the man page is completely wrong... dos filemode (S) The default behavior in Samba is to provide UNIX-like behavior where only the owner of a file/directory is able to change the permissions on it. However, this behavior is often confusing to DOS/Windows users. Enabling this parameter allows a user who has write access to the file (by whatever means) to modify the permissions (including ACL) on it. Note that a user belonging to the group owning the file will not be allowed to change permissions if the group is only granted read access. Ownership of the file/directory may also be changed. ...because the owing group is always able to change permissions, regardless if it has write access to a file or not. And other users never get the right to change permissions, even if they have write access. Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
