That was a type error in my previous post, the line in my smb.conf is of course:
read only = No
Вск 19 Май 2013 14:58:39 +0400, ?icro MEGAS написал:
Hello folks,
Samba 3.5.6 running and I have following share:
[public]
path = /data/public
read onlyXSSCleaned= No
create mask = 0777
directory mask = 0777
directory security mask = 0750
vfs object = acl_xattr
nt acl support = yes
dos filemode = yes
My filesystem ext4 which is mounted to /data supports acl,user_xattr and
setfacl/getfacl works fine.
ls -ld /data/public shows unix mode 0755 with owner=admin and group="Domain
Users"
All users have full access to the share \\samba\public and therefore are
allowed to create,modify,delete directories and files. My aim is that I want to
have a directory called "special" which is in /data/public/special. Only
restricted users and groups are allowed full access to this directory, the
"Domain Users" should only be able to have read/execute rights, but no
write/delete rights on this directory+subdirs.
"/data/public" has no ACL set. Here's an output of my ACL I have set manually
with setfacl on this "special" directory. Only user "john" and "doe" and group
"foobar" have full access to this "special" directory, and "Domain Users" or
other should only have read rights.
root@samba:/data/public# getfacl special
# file: special/
# owner: admin
# group: Domain\040Users
user::rwx
user:john:rwx
user:doe:rwx
group::r-x
group:foobar:rwx
mask::rwx
other::---
default:user::rwx
default:user:john:rwx
default:user:doe:rwx
default:group::r-x
default:group:foobar:rwx
default:mask::rwx
default:other::---
When user "john", "doe" or anyone of group "foobar" creates a new directory
inside the special dir, it has following modes:
root@samba:/data/public/special ls -l
drwxrwx-wx+ 2 john Domain Users 4096 19. Mai 12:43 newdir
==> This corresponds to unix mode 0773.
The ACL mode looks like that:
# file: newdir
# owner: john
# group: Domain\040Users
user::rwx
user:john:rwx
user:doe:rwx
group::rwx
group:foobar:rwx
mask::rwx
other::-wx
default:user::rwx
default:user:john:rwx
default:user:doe:rwx
default:group::r-x
default:group:foobar:rwx
default:mask::rwx
default:other::---
==> This corresponds to ACL security mode 0773.
Where does this strange 0773 come from? I would like to have ACL security mode
0750 on all new directories and files created inside "special" directory. I
also have tried to use "force directory security mode = 0750" in my smb.conf
but that doesn't help either. I have realized another odd behaviour, too:
when user "john", "doe", or anyone of group "foobar" creates a new directory
and DON'T name it, it will be called "New Directory". This directory has
following ACLs:
root@samba:/data/public/special# getfacl New\ Directory
# file: New Directory
# owner: john
# group: Domain\040Users
user::rwx
user:john:rwx
user:doe:rwx
group::r-x
group:foobar:rwx
mask::rwx
other::---
default:user::rwx
default:user:john:rwx
default:user:doe:rwx
default:group::r-x
default:group:foobar:rwx
default:mask::rwx
default:other::---
This would be the correct ACL I want to have to, it corresponds to 0750. But
why does this be applied only, if a new directory is created through windows
and not renamed to something else than the default directory name "New
Directory" ? I don't understand that. Please anyone tell me how to set
correctly ACL mode 0750 for all the new dirs/files inside my special dir.
Any help appreciated. Thanks a lot in advance.
Lucas.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
