Alan McKinnon schrieb:
On 07/05/2016 17:12, hw wrote:
Michael Orlitzky schrieb:
On 04/23/2016 10:42 AM, hw wrote:
Has it become entirely impossible to share a directory tree and the
files in it with multiple users when Linux is involved? This should be
a very simple thing to accomplish.
It was never possible. It's ridiculous, but there it is. The UNIX
permissions model is too simple. ACLs were bolted on top, but most tools
retain legacy behavior with respect to group masks that breaks default
ACLs. You're seeing that same problem with your Samba share.
Filesystem permissions are one thing that Windows got right. There's
ongoing work to bring that model to Linux,
https://en.wikipedia.org/wiki/Richacls
but they're going to make the same mistake again[0] and allow the group
bits to act as a mask. That means mkdir, tar, cp, 7z -- anything that
tries to mess with group bits -- isn't going to work. They'll be DOA
just like POSIX ACLs were.
I think you can manage this with incron and POSIX ACLs. Instead of
running "chmod g+w", use sys-apps/apply-default-acl to reset the
permissions to the defaults that you set.
I wrote apply-default-acl to solve exactly this problem. You just need
to figure out a way to run it whenever things get screwed up. Which
means, whenever a file or directory is created.
[0] http://www.bestbits.at/richacl/man/richacl.7.txt
Changing the file mode permission bits:
When changing the file mode permission bits with chmod(1), the
owner, group, and other file permission bits are set to the
permission bits in the new mode... In addition, the masked and
write_through ACL flags are set. This has the effect of limiting the
permissions granted by the ACL to the file mode permission bits...
Hm, I'm confused. Is it not possible to somehow force
samba to set a user and a group as owners of a file or
of a directory which is being created on a share?
If that was possible, couldn't I mount that share with
the uid and gid of the owner and group samba enforces,
which would then allow multiple local users to access
the files and directories on that share as one?
Now you've added a whole new wrinkle that was never mentioned before -
samba. Yes, samba can enforce the permissions you want on file system
objects in shares it controls. To be accurate, it runs as root and
presents the perms you want to the user, but only when accessing the
files via samba. Look at these options in smb.conf
create mask = 664
force create mode = 664
security mask = 664
force security mode = 664
directory mask = 2775
force directory mode = 2775
directory security mask = 2775
force directory security mode = 2775
With this you can achieve what you want, but you have to ensure that
samba is the only way the users can access the files.
I'm assuming you completely and correctly understand umask.
Thank you very much! This seems to work --- and it is what I had
in mind to begin with, yet looking at the samba documentation made
me think that 'force create mode' (or what it was) has been removed
from the options some time recently.
