Re: [Samba] Problem with ACL and Samba
Hey Robert
Thanks for your mail, here is what a did:
1. Set the ACLs to all dirs and files in the ADM dir:
find adm/ -type f -exec setfacl -m g:administ:rwx {} \;
find adm/ -type f -exec setfacl -m g:administ:rwx {} \;
3. Setting the default ACLs to the ADM dir:
setfacl -d -m u::rwx,g::rwx,o::--- adm/
setfacl -d -m g:administ:rwx adm/
4. Setting the default ACLs to all subdirs on ADM
find adm/ -type d -exec setfacl -d -m u::rwx,g::rwx,o::--- {} \;
find adm/ -type d -exec setfacl -d -m g:administ:rwx {} \;
5. In the Samba server I did this conf:
valid users = suporte,administ
write list = suporte,administ
read only = No
* force security mode = 0770
force create mode = 0777
force directory mode = 0777
inherit permissions = Yes
The more important flag, that solve the problem is force security mode =
0770.
Thanks a lot for all replyes!
Felipe
On Dec 19, 2007 11:21 PM, Cybionet <[EMAIL PROTECTED]> wrote:
> Greeting Felipe,
>
> Here a solution for your problem (I hope so). It works for me with
> MSOffice 2000/2003.
>
> First you need to set the POSIX rights before ACL(EA). These rights will
> be the base for your "real" permissions.
>
> - Create your folder, and set 2775 or 2770 permissions.
> - The assign the owner and group to root:root (you will understand
> shortly why).
> - Now you are ready to set the ACL(EA) permissions.
>
> The use of the 2775 permissions will gave access to the folder and his
> subdirectory for the share of the files. Or use directly the 2770
> permissions to limit access and share immediately your files in the
> folder.
>
> The SGID define in this permission allow the group to never be change,
> whatever the group of the owner who create a new file ou change a
> existing file. The owner has no importance, because it will be change at
> the creation ou modification of the file (it is the goal to know who
> have made the change).
>
> The share configuration, I suggest you something like this. The only
> parameters very important is "force create mode = 660" and "directory
> mode = 770".
>
> [workspace]
>
> comment = Whatever
> path = /pat/to/my/folder
>
> browseable = yes
> read only = no
>
> force create mode = 660
> directory mode = 770
>
> csc policy = disable
>
>
> Best Regards
>
> Robert
>
> --
> Cybionet - Solution reseautique
> http://www.cybionet.com
>
> > Dear All
> >
> > I am facing a strange problem that I could not solve, so, maybe you
> > can help
> > me.
> >
> > Look at this situation:
> >
> > I created a new directory with those ACLs (through Samba using Windows
> > XP)
> >
> > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste
> > #file:teste
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::rwx
> > group:suporte:rwx
> > group:administ:rwx
> > mask::rwx
> > other::---
> >
> > [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste
> > #file:teste
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::rwx
> > group:suporte:rwx
> > group:administ:rwx
> > mask::rwx
> > other::---
> >
> > My ACLs are right, ok, now I will copy a XLS file to that folder:
> >
> > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls
> > #file:teste/excel-test.xls
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::rw-
> > group:suporte:rwx
> > group:administ:rwx
> > mask::rwx
> > other::---
> >
> > OK, the samba server inhert the permissions and the ACLs, everything
> > is fine
> > until now.
> >
> > But when I edit this file with MS Excel, and save it, look what happen
> to
> > the ACLs:
> >
> > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls
> > #file:teste/excel-test.xls
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::---
> > group:suporte:rwx
> > mask::rwx
> > other::---
> >
> > The ACL entry "group:administ:rwx" just have gone after I save the file.
> >
> > It happens with Windows XP, Vista, Office 2003 and 2007. My samba
> > version is
> > Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through
> > Ports.
> >
> > Anybody knows what is wrong?
> >
> > Thanks a lot!
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
--
Felipe Tocchetto
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with ACL and Samba
Hey Greg, thanks your reply: I put the defaults acls in my previous email, take a look: [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- The default acls have the entries: group:suporte:rwx group:administ:rwx But after I edit the file, one of these disapear. I read something about a samba bug: https://bugzilla.samba.org/show_bug.cgi?id=2346 But it has been fixed a long time ago. Any tips? On Dec 19, 2007 8:50 AM, Greg Byshenk <[EMAIL PROTECTED]> wrote: > On Tue, Dec 18, 2007 at 10:15:42PM -0200, Felipe Tocchetto wrote: > > > I am facing a strange problem that I could not solve, so, maybe you can > help > > me. > > > > Look at this situation: > > > > I created a new directory with those ACLs (through Samba using Windows > XP) > > > > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste > > #file:teste > > #owner:1002 > > #group:1006 > > user::rwx > > group::rwx > > group:suporte:rwx > > group:administ:rwx > > mask::rwx > > other::--- > > > > [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste > > #file:teste > > #owner:1002 > > #group:1006 > > user::rwx > > group::rwx > > group:suporte:rwx > > group:administ:rwx > > mask::rwx > > other::--- > > > > My ACLs are right, ok, now I will copy a XLS file to that folder: > > > > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls > > #file:teste/excel-test.xls > > #owner:1002 > > #group:1006 > > user::rwx > > group::rw- > > group:suporte:rwx > > group:administ:rwx > > mask::rwx > > other::--- > > > > OK, the samba server inhert the permissions and the ACLs, everything is > fine > > until now. > > > > But when I edit this file with MS Excel, and save it, look what happen > to > > the ACLs: > > > > [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls > > #file:teste/excel-test.xls > > #owner:1002 > > #group:1006 > > user::rwx > > group::--- > > group:suporte:rwx > > mask::rwx > > other::--- > > > > The ACL entry "group:administ:rwx" just have gone after I save the file. > > > > It happens with Windows XP, Vista, Office 2003 and 2007. My samba > version is > > Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through > > Ports. > > > > Anybody knows what is wrong? > > > I'm not sure if it is the cause, but what are your default ACLs for the > directory in question? > > When you copy in a file from Windows, I think that it will preserve its > permissions, but if you edit and save, you are actually creating a new > file, which will be created based on the defaults for that location/user. > > Check the output of 'gefacl -d teste'. > > > -- > greg byshenk - [EMAIL PROTECTED] - Leiden, NL > -- Felipe Tocchetto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with ACL and Samba
Dear All I am facing a strange problem that I could not solve, so, maybe you can help me. Look at this situation: I created a new directory with those ACLs (through Samba using Windows XP) [EMAIL PROTECTED] /home/smb/adm]# getfacl teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- My ACLs are right, ok, now I will copy a XLS file to that folder: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::rw- group:suporte:rwx group:administ:rwx mask::rwx other::--- OK, the samba server inhert the permissions and the ACLs, everything is fine until now. But when I edit this file with MS Excel, and save it, look what happen to the ACLs: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::--- group:suporte:rwx mask::rwx other::--- The ACL entry "group:administ:rwx" just have gone after I save the file. It happens with Windows XP, Vista, Office 2003 and 2007. My samba version is Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through Ports. Anybody knows what is wrong? Thanks a lot! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba + nis
It is possible to integrate the samba authentication with a NIS Domain? What I want to do is configure a PDC to use my nis users and passwords. Tks -- Felipe L. Tocchetto msn [EMAIL PROTECTED] icq 163263160 [EMAIL PROTECTED] http://www.felipe.tocchetto.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] locking files with samba - is that possible?
Does anybody know if is possible implement file locking in samba? I have an application that doesn´t make lock in files, and I would configure samba to do it. Can I do something like this? or not? -- Felipe L. Tocchetto msn [EMAIL PROTECTED] icq 163263160 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.14a + solaris acls
Hi all Yesterday i tried to update my samba to version 3.0.14a (we were using 3.0.10 without acl support) in a Solaris 8 server. I compiled with --with-acl-support option. Everything runs ok during the installation, but after I start the new samba some users can´t rename, edit or delete files in their shares, but they can create files. I do some tests over MS Word and Excel, creating new files direct in the share, they can only do all operations if the user is the owner of the directory, but when I try a getfacl in the directory, all the permissions are ok. I searched over the web and I find this: http://www.webservertalk.com/showthread.php?s=d453fd54ac8087f3ee4656e0af619b5e&threadid=1023454&perpage=10&pagenumber=1 this thread talks about a similar problem, but in my case, isn´t all users afected. Today I put the old version of samba back, without acl support. I tried to patch my samba source, but it didn´t work. Anybody knows what versions of samba have this problem with solaris ACLs? -- Felipe L. Tocchetto msn [EMAIL PROTECTED] icq 163263160 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] file locking in samba
Hi all I am new on the list and i subscribe it do try to solve a problem that i am having with samba and file locking. Last week we changed from DreamWaver to NVU, the DreamWaver implements file locking but the NVU dont. What started to happen is that two users can edit the same file, the files are in a samba server (3.0.10). What i am trying to do is implement the file lock in samba, make the samba server control the access to the files, denying two users acess the same file. I make searched over google and find some useful parameters, o created a test share in my server to test, but it did not work. If somebody have already implemented it or know how to implement file locking in samba please give me some help. What i have tried in the share: blocking locks = yes locking = yes oplocks = false level2 oplocks = false strict locking = yes posix locking = yes share modes = yes Thanks a lot my email is [EMAIL PROTECTED] icq 163263160 msn [EMAIL PROTECTED] -- Felipe L. Tocchetto msn [EMAIL PROTECTED] icq 163263160 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
