ok, that works to disallow non-owners from renaming the file, but what I would like to do is disallow EVERYONE ( including the owner of the file ) from editing, moving, or changing the filename once it is created. the only person who should be able to make those changes is a special user. any ideas about how to accomplish that? Thanks.
--- Yura Pismerov <[EMAIL PROTECTED]> wrote: > > > Yura Pismerov wrote: > > > > jef dodson wrote: > > > > > > I have a question about samba and sticky bits. I have a share with the > > > following configuration: > > > > > > [documents] > > > comment = documents > > > path = /shares/documents > > > public = no > > > writeable = yes > > > printable = no > > > valid users = @lan1 > > > force user = docadmin > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > That is why. > > No matter what username is, it will be forced to docadmin, so the > > sticky bit does not make much sense since the user who is manipulating > > the file is the owner of the file form the OS point of view. > > To achieve what you want you need to remove "force user". > > > Yeah, and create mode should be 0640 in this case. > > > > > > force group = lan1 > > > create mode = 0440 > > > force create mode = 0440 > > > directory mode = 1770 > > > force directory mode = 1770 > > > delete read only = no > > > > > > I also have the sticky bit set on /shares/documents. > > > > > > Now, when I drop the file 'test.txt' in the directory, it has the > following > > > permissions: > > > > > > -r--r----- 1 docadmin lan1 4 Oct 29 17:45 test.txt > > > > > > Now, When I login to the server via ssh as jdodson, the sticky bit on the > > > directory prevents me from renaming the test.txt file. However, when I > login > > > to the server from windows as jdodson, I can change the filename and move > the > > > file to another directory. So, it seems that samba is ignoring the > sticky bit > > > on the /shares/documents directory. > > > > > > The ultimate goal for the behavior of the directory is this: > > > > > > when someone drops a file in the directory or subdirectory, it becomes > > > read-only so that it can't be edited, moved, or renamed by anyone except > for a > > > special user with admin priveleges. > > > > > > __________________________________________________ > > > Do you Yahoo!? > > > HotJobs - Search new jobs daily now > > > http://hotjobs.yahoo.com/ > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba __________________________________________________ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
