ACL + excel = problems with permissions
sylvain.david at etranges-libellules.fr
sylvain.david at etranges-libellules.fr
Mon Jun 19 16:47:25 GMT 2006
Hi I have the same problem, and I hope you'll have the time to answer me.
My system is :
Debian Sarge (stable) + samba Version 3.0.14a-Debian + ext3 acl enabled
my smb.conf is joined in this email
my client are under windows XP SP1, windows XP SP2, windows 2000 SP4.
They all use Office Xp 2003 (I'm lucky, they didn't have a lot of
version of office...)
Description of the problem : Office modify ACLs on saving file and put
read only.
- ACL status before : getfacal file01.xls :
# owner: root
# group: root
user::rwx
user:root:rwx
group::---
group:Projet_01:rwx
mask::rwx
other::---
- user A, wich is in Projet_01 group, open file01.xls with excel 2003
and press ctrl S to save his modification. he get an error message :
share violation : file is stored, but re-open read only
- ACL status : getfacl file01.xls :
# owner: userA
# group: root
user::r--
user:root:rwx
user:reunion:rwx
group::---
group:Projet_01:rwx
mask::rwx
other::---
I noticed that :
- user can through the security properties of the file get back the good
rights rwx. but... my users find that boring and they're right.
- if user have explicit rwx right on the file, even if he's not the
owner, there is no problem.
- this doesn't appened on windows 2000 server
- force create mode or create mask seems to change nothing.
So, this appened when a user modify a file that he's not the owner AND
he don't have explicit rights AND with a microsoft office application.
I think about a few solution, but i find all of them "dirty". Here they
are :
1) using open office.
-> If I could, I surely do it, but, I need time to convert 60 people
loving excel and word to calc and writer. Even if they are all
programmers, trying to change habits is really hard. We exchange
documentation with other society which use ... ... excel, so for
compatibility reasons, we need excel. So even if it's a good solution,
it's hard to choose this solution. And... what if i noticed this problem
with another application ? This solution doesn't solve the problem at
the server side, but only in client side...
2) using a file monitor.
-> using gamin or any other file monitor to watch .xls and .doc file.
if a file is touched then apply the good rights (with the default right
of the parent directory...) This solution is dirty because my server
contain, a very very very lot of file, and I think it's a bottleneck
solution parsing all directories all the time. And, in real situation,
the error message of excel will appear anyway, because of the timing.
3) hack samba code and add a trigger on write file, to execute a script
wich force to set the good ACL?
-> probably a bottleneck solution... but... the best for me... but, I
don't have the level to code it.
4) use the "force user" argument in smb.conf
-> it works. but... loosing the owner notion of the whole file system is
a desperate solution.
5) use explicit user rights on every files.
-> it works too. but it remove all the magic of using group. And for now
I have "only" 60 users... and what will I do with 200 ?
6) is there any office patch or registry key or office config, or voodoo
danse to do in order to repair the special way of save of microsoft office ?
-> i found nothing on my friend google.
7) sending an email and pray you'll answer me something like : "I found
an evident solution and here it is" :)
-> I'm praying
--
Sylvain DAVID / administrateur réseau
adr : Etranges Libellules
.~. 17 Rue des Archers
/v\ 69002 LYON
/(°)\ tel : 04 72 40 24 72
^^-^^ fax : 04 72 40 27 19
www.etranges-libellules.fr
--
More information about the samba-technical
mailing list