Hi,
I have just noticed that files created inside a folder that has rwx
permissions also inherit the execute permission. In the case of a Time
Machine backup, this is unwanted.
# ls -adV /timemachine /timemachine/* /timemachine/*/*plist
drwxrwx--- 4 root users 4 Dec 5 16:58 /timemachine
    owner@:rwxp-DaARWcCos:-------:allow
    group@:rwxp-Da-R-c--s:-------:allow
    everyone@:------a-R-c--s:-------:allow
drwx------+ 4 jca users 11 Dec 5 16:58 /timemachine/MacBook Pro de Joel.sparsebundle
    user:jca:rwxpdDaARWcCos:-------:allow
    groupsid:Local System@:rwxpdDaARWcCos:-------:allow
-rwx------+ 1 jca users 502 Dec 5 16:56 /timemachine/MacBook Pro de Joel.sparsebundle/Info.plist
    user:jca:rwxpdDaARWcCos:-------:allow
    groupsid:Local System@:rwxpdDaARWcCos:-------:allow
-rwx------+ 1 jca users 516 Dec 5 16:58 /timemachine/MacBook Pro de Joel.sparsebundle/com.apple.TimeMachine.MachineID.plist
    user:jca:rwxpdDaARWcCos:-------:allow
    groupsid:Local System@:rwxpdDaARWcCos:-------:allow
-rwx------+ 1 jca users 220 Dec 5 16:58 /timemachine/MacBook Pro de Joel.sparsebundle/com.apple.TimeMachine.SnapshotHistory.plist
    user:jca:rwxpdDaARWcCos:-------:allow
    groupsid:Local System@:rwxpdDaARWcCos:-------:allow
I'd like folders to be 0700 and files 0600.
Is there a way to force the files to not be created executable?
Thanks.
On 02/12/2023 at 21:24, Guenther Alka wrote:
Small correction for inheritance on create files and folders acl (tm
wants to create subfolders)
If you want to separate backups from several users you can use the
following three NFS v4 acl rules.
If you have a Windows machine, you can set ACL from there (easier than
console, or use my napp-it) as Windows ntfs ACL are quite identical to
NFS v4 ACL beside deny rules.
*on shared folder*
- allow read to this folder only for everyone with inheritance disabled
(to give access to share)
- allow creation of files and folders for everyone to this folder only
with inheritance enabled (to allow backups)
When a user creates a folder via tm backup he is owner.
You can use this to add rights for his own backup
- allow owner full or modify permissions with inheritance to files and
folders
Set nbmand and oplock to on, aclinherit to passthrough (ZFS properties)
Gea
Hi,
I could manage to publish an SMB share to be used with Time Machine
but I still can't figure out which are the right permissions to set
up. I read https://docs.oracle.com/cd/E36784_01/html/E36835/ftyxi.html,
created an smbuser group and two smbuser1, smbuser2 users, both belonging to the smbuser group. The dataset is called rpool/timemachine.
I ended up setting `chmod 1777 /timemachine` which allowed both users
to be used to create a backup. But that feels a bit too many
permissions for me. And as chmod breaks ACL inheritance, I understand
that I should not use this.
What would be the proper ACL set to apply to get something like: any
users from the smbuser group can create/delete/rename their own files
and subdirectories, but can't read/modify others?
Thanks.
--
Have a nice day,
Joel C.
Tel: +33 663541230
------------------------------------------
illumos: illumos-discuss
Permalink:
https://illumos.topicbox.com/groups/discuss/Te31e27e278d377ff-M946b0f71197cbf8e0e0326e8
Delivery options: https://illumos.topicbox.com/groups/discuss/subscription
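
An added example, not part of the thread and not code from either poster: a small audit script that parses `ls -V` compact ACL output like the listing in the first message and reports regular files whose allow entries grant execute. The function names are hypothetical; the sample reuses two entries from that listing plus one constructed file (`notes.txt`) for contrast.

```python
import re

# Header line of `ls -V`: mode string, link count, owner, group, size, date, path.
HEADER = re.compile(
    r"^([-dl])[-rwxsStT]{9}[+@]?\s+\d+\s+\S+\s+\S+\s+\d+\s+\w{3}\s+\d+\s+[\d:]+\s+(.+)$")
# Compact ACE: who:14 permission slots:7 inheritance-flag slots:allow|deny.
# "who" may itself contain colons (user:jca, groupsid:Local System@).
ACE = re.compile(r"^(.+):([-rwxpdDaARWcCos]{14}):([-fdinSFI]{7}):(allow|deny)$")
EXEC_SLOT = "rwxpdDaARWcCos".index("x")

def parse_ls_v(text):
    """Return one dict per listed object with its ACEs attached."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            entries.append({"kind": m.group(1), "path": m.group(2), "aces": []})
            continue
        m = ACE.match(line)
        if m and entries:
            entries[-1]["aces"].append(m.groups())
    return entries

def files_granting_execute(text):
    """List (path, who) for regular files where an allow ACE grants execute."""
    hits = []
    for entry in parse_ls_v(text):
        if entry["kind"] != "-":          # directories need x for traversal
            continue
        for who, perms, flags, kind in entry["aces"]:
            # inherit-only ACEs (flag i) do not apply to the object itself
            if kind == "allow" and perms[EXEC_SLOT] == "x" and "i" not in flags:
                hits.append((entry["path"], who))
    return hits

# Sample: first two entries come from the listing above; notes.txt is constructed.
SAMPLE = """\
drwx------+ 4 jca users 11 Dec 5 16:58 /timemachine/MacBook Pro de Joel.sparsebundle
    user:jca:rwxpdDaARWcCos:-------:allow
    groupsid:Local System@:rwxpdDaARWcCos:-------:allow
-rwx------+ 1 jca users 502 Dec 5 16:56 /timemachine/MacBook Pro de Joel.sparsebundle/Info.plist
    user:jca:rwxpdDaARWcCos:-------:allow
    groupsid:Local System@:rwxpdDaARWcCos:-------:allow
-rw-------+ 1 jca users 10 Dec 5 16:59 /timemachine/notes.txt
    user:jca:rw-pdDaARWcCos:-------:allow
"""

if __name__ == "__main__":
    for path, who in files_granting_execute(SAMPLE):
        print(f"{path}: execute allowed for {who}")
```
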