[Samba] sticky bit, etc.
jef dodson
jefdodson at yahoo.com
Thu Oct 31 01:18:01 GMT 2002
ok, that works to disallow non-owners from renaming the file, but what I would
like to do is disallow EVERYONE ( including the owner of the file ) from
editing, moving, or changing the filename once it is created. the only person
who should be able to make those changes is a special user. any ideas about
how to accomplish that? Thanks.
--- Yura Pismerov <ypismerov at tucows.com> wrote:
>
>
> Yura Pismerov wrote:
> >
> > jef dodson wrote:
> > >
> > > I have a question about samba and sticky bits. I have a share with the
> > > following configuration:
> > >
> > > [documents]
> > > comment = documents
> > > path = /shares/documents
> > > public = no
> > > writeable = yes
> > > printable = no
> > > valid users = @lan1
> > > force user = docadmin
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > That is why.
> > No matter what username is, it will be forced to docadmin, so the
> > sticky bit does not make much sense since the user who is manipulating
> > the file is the owner of the file form the OS point of view.
> > To achieve what you want you need to remove "force user".
>
>
> Yeah, and create mode should be 0640 in this case.
>
> >
> > > force group = lan1
> > > create mode = 0440
> > > force create mode = 0440
> > > directory mode = 1770
> > > force directory mode = 1770
> > > delete read only = no
> > >
> > > I also have the sticky bit set on /shares/documents.
> > >
> > > Now, when I drop the file 'test.txt' in the directory, it has the
> following
> > > permissions:
> > >
> > > -r--r----- 1 docadmin lan1 4 Oct 29 17:45 test.txt
> > >
> > > Now, When I login to the server via ssh as jdodson, the sticky bit on the
> > > directory prevents me from renaming the test.txt file. However, when I
> login
> > > to the server from windows as jdodson, I can change the filename and move
> the
> > > file to another directory. So, it seems that samba is ignoring the
> sticky bit
> > > on the /shares/documents directory.
> > >
> > > The ultimate goal for the behavior of the directory is this:
> > >
> > > when someone drops a file in the directory or subdirectory, it becomes
> > > read-only so that it can't be edited, moved, or renamed by anyone except
> for a
> > > special user with admin priveleges.
> > >
> > > __________________________________________________
> > > Do you Yahoo!?
> > > HotJobs - Search new jobs daily now
> > > http://hotjobs.yahoo.com/
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
__________________________________________________
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/
More information about the samba
mailing list