On 07/05/2016 17:12, hw wrote: > Michael Orlitzky schrieb: >> On 04/23/2016 10:42 AM, hw wrote: >>> >>> Has it become entirely impossible to share a directory tree and the >>> files in it with multiple users when Linux is involved? This should be >>> a very simple thing to accomplish. >>> >> >> It was never possible. It's ridiculous, but there it is. The UNIX >> permissions model is too simple. ACLs were bolted on top, but most tools >> retain legacy behavior with respect to group masks that breaks default >> ACLs. You're seeing that same problem with your Samba share. >> >> Filesystem permissions are one thing that Windows got right. There's >> ongoing work to bring that model to Linux, >> >> https://en.wikipedia.org/wiki/Richacls >> >> but they're going to make the same mistake again[0] and allow the group >> bits to act as a mask. That means mkdir, tar, cp, 7z -- anything that >> tries to mess with group bits -- isn't going to work. They'll be DOA >> just like POSIX ACLs were. >> >> I think you can manage this with incron and POSIX ACLs. Instead of >> running "chmod g+w", use sys-apps/apply-default-acl to reset the >> permissions to the defaults that you set. >> >> I wrote apply-default-acl to solve exactly this problem. You just need >> to figure out a way to run it whenever things get screwed up. Which >> means, whenever a file or directory is created. >> >> >> [0] http://www.bestbits.at/richacl/man/richacl.7.txt >> >> Changing the file mode permission bits: >> >> When changing the file mode permission bits with chmod(1), the >> owner, group, and other file permission bits are set to the >> permission bits in the new mode... In addition, the masked and >> write_through ACL flags are set. This has the effect of limiting the >> permissions granted by the ACL to the file mode permission bits... >> >> > > Hm, I'm confused. Is it not possible to somehow force > samba to set a user and a group as owners of a file or > of a directory which is being created on a share? > > If that was possible, couldn't I mount that share with > the uid and gid of the owner and group samba enforces, > which would then allow multiple local users to access > the files and directories on that share as one?
Now you've added a whole new wrinkle that was never mentioned before - samba. Yes, samba can enforce the permissions you want on file system objects in shares it controls. To be accurate, it runs as root and presents the perms you want to the user, but only when accessing the files via samba. Look at these options in smb.conf create mask = 664 force create mode = 664 security mask = 664 force security mode = 664 directory mask = 2775 force directory mode = 2775 directory security mask = 2775 force directory security mode = 2775 With this you can achieve what you want, but you have to ensure that samba is the only way the users can access the files. I'm assuming you completely and correctly understand umask. -- Alan McKinnon alan.mckin...@gmail.com
