samba-technical digest, Vol 1 #546 - 8 msgs

Joe Doran joed at interlude.eu.org
Tue Apr 3 22:19:21 GMT 2001


> > If all these parameters are being enforced properly the create stuff shouldn't
> > affect setting ACLs, right?  If you want to "acl ignore mask" you just set the
> > second 4 parameters to 0 or 777 or whatever.  Adding another parameter seems
> > totally redundant.
> >
> > Am I missing something?
>
> No, that's essentially correct. The reasoning behind the
> parameter is that an admin may want to set a restriction
> that group owners always have rw access for example, and
> not enforcing that when a "create with ACL" open is done
> would break that policy. With "acl ignore masks = False"
> then a create with ACL would have the restriction applied.
>
> Jeremy.

This is true.

I usually set my clients up as follows.

A user drive with force modes on files & dirs of 0700.
A group drive with force modes on files & dirs of 0770.
And lastly a public drive with perms of 0777.

That way users have a wide range of access to whatever storage they need.
It would certainly cause confusion if a user with NT could change files within these
drives. However, as I have said before, it would be nice to override these masks and
apply ACL perms if it was the admin group doing it.

Joe.

BTW, anyone aware of oplock problems with ACT2000? I have read of one or two problems
with this package. Any info appreciated. I do know that this product relies on what
look like db files. dbf databases are not multiuser as far as I am aware, so the
product probably relies solely on oplocks.
