Proposal to remove confusing "security XX mask" parameters for 4.0.0

Ricky Nance ricky.nance at weaubleau.k12.mo.us
Wed Oct 3 13:57:14 MDT 2012


>From my stand point, these options are more confusing than helpful. Users
coming from Samba 3 often try to specify these options AND try to use the
'Windows security settings'. Just last week a user had issues related to
setting these and not getting the outcome they expected. I had them remove
everything from the share definition except the path and 'read only = no'
options and set it though windows and they were  quite pleased when things
worked as expected. In my opinion these options were put in an old system
to make up for the things it lacked (at the time), and it would show
progression to remove them and make it work for "todays" systems. Please
don't misunderstand me these were great with Samba 3, but from a users
standpoint its MUCH easier to use ACL's.

Ricky

On Wed, Oct 3, 2012 at 2:45 PM, Scott Lovenberg
<scott.lovenberg at gmail.com>wrote:

> On Wed, Oct 3, 2012 at 2:49 PM, Jeremy Allison <jra at samba.org> wrote:
> > On Wed, Oct 03, 2012 at 09:18:51AM -0400, Scott Lovenberg wrote:
> >>
> >> I just read the thread that spawned this thread.  I feel I should
> >> clarify my position.  I have used these bits to get around bugs with
> >> Office documents, now that those bugs are all stomped, I have no
> >> reason to ever use these parameters again.
> >
> > Ok, so that's *slightly* worrying :-). You did use them
> > separately once ?
> >
> > Jeremy.
>
> "Slightly", indeed! :)
>
> It's been a few years since this happened and I'm a bit fuzzy on the
> specifics, but I was affected by bug 2346
> (https://bugzilla.samba.org/show_bug.cgi?id=2346) where MS Office
> files get the wrong permissions.  I ended up using "force security
> mode = 660" to always keep the read and write permissions for the
> user/group that owned the file, regardless of what the client asked
> for.  It was ugly, but effective.
>
> Trying to keep them all straight while testing was a nightmare.
> Especially when you figure out all the modes are logical "or"s and the
> masks are logical "and"s, except for "directory mode" which is an
> alias for "directory mask".
> --
> Peace and Blessings,
> -Scott.
>



--


More information about the samba-technical mailing list