Re: [Samba] group share directory
On Sun, 2013-09-15 at 13:57 -0700, David Christensen wrote: but copying and moving didn't. How about a big hammer? cron: find /mnt/z/data -type f -exec chmod 777 {} \; as often as you think users may mv or cp. Try exec+ if they move a lot of files. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group share directory
On 09/16/13 02:10, steve wrote: How about a big hammer? cron: find /mnt/z/data -type f -exec chmod 777 {} \; as often as you think users may mv or cp. Try exec+ if they move a lot of files. Thanks for the reply. :-) I would also need to do directories. Ignoring the group sticky bit, the desired mode is the same. So, I could lose the find and just chmod -R 0777. But, what about symbolic links? Or sockets, named pipes, block or character specials, etc.? Hmmm... Perhaps I need to forget about local access and settle for a Samba solution for regular files and directories only -- e.g. configure Samba to provide the needed functionality and then make Samba the only way into or out of GroupShare. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group share directory
On 09/16/13 09:58, David Christensen wrote: Perhaps I need to forget about local access and settle for a Samba solution for regular files and directories only -- e.g. configure Samba to provide the needed functionality and then make Samba the only way into or out of GroupShare. This seems to work: # grep groupshare /etc/passwd groupshare:x:999:999::/home/groupshare:/bin/false # grep groupshare /etc/group groupshare:x:999: # ls -ld /mnt/z/groupshare/ drwxrwxrwx 3 groupshare groupshare 4096 Sep 16 12:24 /mnt/z/groupshare/ # grep -A 99 groupshare /etc/samba/smb.conf [groupshare] path = /mnt/z/groupshare force user = groupshare read only = No create mask = 0777 force create mode = 0666 force security mode = 0666 directory mask = 0777 force directory mode = 0777 force directory security mode = 0777 force unknown acl user = Yes HTH, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group share directory
On Mon, 2013-09-16 at 09:58 -0700, David Christensen wrote: On 09/16/13 02:10, steve wrote: How about a big hammer? cron: find /mnt/z/data -type f -exec chmod 777 {} \; as often as you think users may mv or cp. Try exec+ if they move a lot of files. Thanks for the reply. :-) I would also need to do directories. Ignoring the group sticky bit, the desired mode is the same. So, I could lose the find and just chmod -R 0777. But, what about symbolic links? Or sockets, named pipes, block or character specials, etc.? Hmmm... Perhaps I need to forget about local access and settle for a Samba solution for regular files and directories only -- e.g. configure Samba to provide the needed functionality and then make Samba the only way into or out of GroupShare. David Hi It picks up directories too. It will be slow without the find. Just find all the files without 777. If it doesn't find any, it won't do anything: find / -type f ! -perm 777 For symlinks everyone here will tell you not to use smb.conf: follow symlinks = Yes wide links = Yes sockets and pipes, don't know. Cheers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] group share directory
samba: I am attempting to set up a group share directory on Debian Wheezy where any user can create or place files and directories, and every other user has full access to those files and directories. The directory will be accessed both locally and via Samba. Here is my Linux, distribution, and file system info: $ cat /proc/version Linux version 3.2.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.46-1+deb7u1 $ cat /etc/debian_version 7.1 $ grep /mnt/z /proc/mounts /dev/mapper/data3000 /mnt/z ext4 rw,relatime,user_xattr,barrier=1,data=ordered 0 0 STFW I found a post for Samba only, but I need this to work for local access too: http://www.mail-archive.com/samba@lists.samba.org/msg88752.html STFW I found various posts with partial solutions based on Unix groups, directory permissions, the group sticky bit, and default ACL's: http://brunogirin.blogspot.com/2010/03/shared-folders-in-ubuntu-with-setgid.html http://techslaves.org/2010/04/23/posix-default-acls-umask-and-project-directories/ Here is a Bourne shell script that implements a partial solution: #!/bin/sh set -o nounset set -o errexit DIR=/mnt/z/data/GroupShare USERNAME=groupshare if `grep -q $USERNAME /etc/passwd`; then deluser --system $USERNAME; fi if `grep -q $USERNAME /etc/group`; then delgroup --system $USERNAME; fi if [ -d $DIR ]; then rm -rf $DIR; fi adduser --system --group --no-create-home $USERNAME mkdir $DIR chown $USERNAME:$USERNAME $DIR chmod 0777 $DIR chmod g+s $DIR setfacl -m d:u::rwx,d:g::rwx,d:o::rwx,d:m:rwx $DIR Running the script gives me a directory with the following ACL settings: $ getfacl /mnt/z/data/GroupShare getfacl: Removing leading '/' from absolute path names # file: mnt/z/data/GroupShare # owner: groupshare # group: groupshare # flags: -s- user::rwx group::rwx other::rwx default:user::rwx default:group::rwx default:mask::rwx default:other::rwx The directory works as intended if users create files and directories -- e.g. the GroupShare default ACL is applied to the new files and directories: $ touch /mnt/z/data/GroupShare/foo $ mkdir /mnt/z/data/GroupShare/bar $ ll /mnt/z/data/GroupShare total 12 drwxrwsrwx+ 3 groupshare groupshare 4096 2013/09/09 16:19:27 ./ drwxr-xr-x 7 root root 4096 2013/09/09 16:18:51 ../ drwxrwsrwx+ 2 dpchrist groupshare 4096 2013/09/09 16:19:27 bar/ -rw-rw-rw-+ 1 dpchrist groupshare0 2013/09/09 16:19:20 foo However, the directory doesn't work as intended if users copy or move files or directories: $ touch foo2 $ cp foo2 /mnt/z/data/GroupShare/. $ touch foo3 $ mv foo3 /mnt/z/data/GroupShare/. $ mkdir bar2 $ cp -R bar2 /mnt/z/data/GroupShare/. $ mkdir bar $ mv bar3 /mnt/z/data/GroupShare/. $ ll /mnt/z/data/GroupShare/ total 20 drwxrwsrwx+ 5 groupshare groupshare 4096 2013/09/14 23:36:02 ./ drwxr-xr-x 7 root root 4096 2013/09/09 16:18:51 ../ drwxrwsrwx+ 2 dpchrist groupshare 4096 2013/09/09 16:19:27 bar/ drwxr-sr-x 2 dpchrist dpchrist 4096 2013/09/14 23:34:32 bar2/ drwxr-sr-x 2 dpchrist dpchrist 4096 2013/09/14 23:35:04 bar3/ -rw-rw-rw-+ 1 dpchrist groupshare0 2013/09/09 16:19:20 foo -rw-r--r-- 1 dpchrist dpchrist 0 2013/09/14 23:35:50 foo2 -rw-r--r-- 1 dpchrist dpchrist 0 2013/09/14 23:35:58 foo3 Observe that the group ownership is incorrect, the permissions bits are incorrect, and the ACL is missing for the copied and moved files and directories. Has anybody found a solution to this problem? TIA, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group share directory
On Sat, 2013-09-14 at 23:42 -0700, David Christensen wrote: samba: I am attempting to set up a group share directory on Debian Wheezy where any user can create or place files and directories, and every other user has full access to those files and directories. The directory will be accessed both locally and via Samba. You have set access via posix acls. Does the share have inherit acls = Yes? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] group share directory
On 09/15/13 01:00, steve wrote: You have set access via posix acls. Does the share have inherit acls = Yes? Thanks for the reply. :-) Here is the Samba configuration for the share: # grep -A 9 data /etc/samba/smb.conf [data] path = /mnt/z/data read only = No create mask = 0777 directory mask = 0777 inherit acls = Yes Going from memory, the Samba behavior was the same as local behavior -- creating files and directories via Samba worked, but copying and moving didn't. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba