[Samba] Cannot change directory permissions
Rowland Penny
rowlandpenny241155 at gmail.com
Fri Aug 7 11:47:56 UTC 2015
On 07/08/15 12:25, Felix Matouschek wrote:
> Hi Rowland,
>
>
> Regarding my permissions problem:
>
> Newly created files, no permission changes yet:
>
> ls -la:
> drwxrwx--- 3 fmatouschek vipco-users 4096 Aug 7 13:12 .
> drwxr-xr-x 55 root vipco-users 4096 Aug 4 10:12 ..
> drwxrwx--- 2 fmatouschek vipco-users 4096 Aug 7 13:11 Directory
> -rw-rw---- 1 fmatouschek vipco-users 0 Aug 7 13:12 File.txt
>
> getfacl:
> # file: .
> # owner: fmatouschek
> # group: vipco-users
> user::rwx
> group::rwx
> other::---
>
> Ticking "write protected" on properties (both file and directory):
>
> ls -la:
> drwxrwx--- 3 fmatouschek vipco-users 4096 Aug 7 13:17 .
> drwxr-xr-x 55 root vipco-users 4096 Aug 4 10:12 ..
> drwxrwx--- 2 fmatouschek vipco-users 4096 Aug 7 13:11 Directory
> -r--r----- 1 fmatouschek vipco-users 0 Aug 7 13:12 File.txt
>
> getfacl:
> # file: .
> # owner: fmatouschek
> # group: vipco-users
> user::rwx
> group::rwx
> other::---
>
> Using the security tab:
>
> ls -la:
> drwxrwx--- 3 fmatouschek vipco-users 4096 Aug 7 13:20 .
> drwxr-xr-x 55 root vipco-users 4096 Aug 4 10:12 ..
> drwxrwx---+ 2 fmatouschek vipco-users 4096 Aug 7 13:20 Directory
> -r--rwx---+ 1 fmatouschek vipco-users 0 Aug 7 13:20 File.txt
>
> getfacl:
> # file: .
> # owner: fmatouschek
> # group: vipco-users
> user::rwx
> group::rwx
> other::---
>
> # file: Directory/
> # owner: fmatouschek
> # group: vipco-users
> user::rwx
> user:fmatouschek:rwx
> group::rwx
> group:vipco-users:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:fmatouschek:r--
> default:group::---
> default:group:vipco-users:r--
> default:mask::rwx
> default:other::---
>
> # file: File.txt
> # owner: fmatouschek
> # group: vipco-users
> user::r--
> user:fmatouschek:r--
> group::r--
> group:vipco-users:r--
> mask::rwx
> other::---
>
> According to this output only ticking write-protected on properties of a file does exactly what I want.
>
> Any ideas?
>
> Greetings,
> Felix
>
>
Taking this back on list where it belongs.
OK, you seem to understand Unix permissions, but anyway for those who don't:
Unix permissions are based on user:group:other, AKA ugo. These are
expressed as the letters r w x: r means read, w means write, x means
execute if a file and enter if it is a directory. These can be set with
chmod and you can use the letters or numbers 1-7; to set to allow all
permissions you could use chmod 777 /path/to/dir
Now we have that out of the way, I can tell you that no member of Domain
Admins will be able to set anything on the directory from Windows
because they don't have the permission to do so, either via Unix
permissions or Windows ACLs. You need to use 'setfacl' to add the
required permissions for Domain Admins, see 'man setfacl' for how to do
this.
Rowland
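
An added example, not part of the original post: a small evaluator for the File.txt getfacl dump quoted above, following the access-check order documented in acl(5). It shows why the `rwx` in the group column of `-r--rwx---+` grants nothing extra (with an ACL present that column displays the mask), and that an account matching no entry falls through to `other::---`. The user names `alice` and `admin1` and the group name `domain admins` used in the checks are constructed for illustration.

```python
# Added example: evaluate a getfacl dump with the access-check order from acl(5).
# FILE_ACL is copied from the File.txt getfacl output quoted in the message above.
FILE_ACL = """\
# file: File.txt
# owner: fmatouschek
# group: vipco-users
user::r--
user:fmatouschek:r--
group::r--
group:vipco-users:r--
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return owner, owning group and access entries; default: entries are skipped."""
    acl = {"owner": None, "group": None, "user": {}, "grp": {}, "mask": None, "other": set()}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, name, perms = line.split(":")[:3]
            bits = set(perms[:3]) - {"-"}   # perms[:3] drops any "#effective:" suffix
            if tag == "user":
                acl["user"][name] = bits
            elif tag == "group":
                acl["grp"][name] = bits
            elif tag == "mask":
                acl["mask"] = bits
            elif tag == "other":
                acl["other"] = bits
    return acl

def allowed(acl, user, groups, want):
    """True if `user` (a member of `groups`) is granted every permission in `want`."""
    want = set(want)
    mask = acl["mask"] if acl["mask"] is not None else set("rwx")
    if user == acl["owner"]:
        return want <= acl["user"][""]            # the owner entry is never masked
    if user in acl["user"]:
        return want <= (acl["user"][user] & mask)
    # the owning-group entry is keyed "", named group entries by group name
    hits = [b for g, b in acl["grp"].items() if (g or acl["group"]) in groups]
    if hits:
        return any(want <= (b & mask) for b in hits)
    return want <= acl["other"]
```
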