[Samba] SUQ: Share permissions

Åke Holmlund holm at informatik.umu.se
Fri Aug 2 06:50:02 GMT 2002


Hello.

In Unix, a user with write permissions in a directory can create, rename
and delete ANY file or directory within the main directory. The permissions
on the individual files/directories don't matter!

What You CAN do is to set the sticky bit (chmod +t) on the main directory.
If the sticky bit is set, only the owner of a file/directory can remove
and/or rename it. This is perhaps not exactly what You want but may be
sufficient.

/ÅH

PS. I'm a Solaris user but I believe it's the same in other Unix/Linux systems.

> When I create a test directory under the root share, it shows the following
> permissions:
> 
> drwxr-xr-x    3 PEAK\SorisioCE PEAK\Domain Users       42 Aug  1 17:31 New Folder
> 
> (smbcacls of New Folder)
> 
> REVISION:1
> OWNER:PEAK\SorisioCE
> GROUP:PEAK\Domain Users
> ACL:PEAK\SorisioCE:ALLOWED/0/FULL
> ACL:PEAK\Domain Users:ALLOWED/0/READ
> ACL:everyone:ALLOWED/0/READ
> ACL:PEAK\SorisioCE:ALLOWED/11/FULL
> ACL:PEAK\Domain Users:ALLOWED/11/R
> ACL:everyone:ALLOWED/11/R
> 
> Still, anyone who can write to the root share can delete New Folder.  I want
> to set it so that anyone can /create/ folders under the root share, but only
> the owner or admins can /delete/ all folders.
> 
> Permissions of the root share, /mnt/share/backup:
> 
> drwxrwxrwx    3 samba    root           23 Aug  1 15:55 backup
> 
> Thanks,
> 
> Chris
> 
> -----Original Message-----
> From: Goetz Rieger [mailto:goetz.rieger at suse.de]
> Sent: Friday, August 02, 2002 4:38 AM
> To: Sorisio,Chris
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] SUQ: Share permissions
> 
> 
> Hey,
> 
> On Thu, 1 Aug 2002 17:04:47 -0400
> "Sorisio,Chris" <ChrisSorisio at PeakTechnical.com> wrote:
> 
> What permissions are given to the new directory? Do you work with
> filesystem ACLs?
> 
> Goetz
> 
> > Well, I want anyone to be able to write to it, but I want it to also
> > obey NT ACLs.
> >  
> > Example:
> >  
> > I have my root share, /mnt/share/test
> > 
> > Anyone should be able to create a directory under /mnt/share/test via NT
> > Explorer.  However, they should also be able to lock that directory so
> > that only they can delete.  I've tried to do this, and while I can block
> > someone from accessing said folder, I cannot block them from deleting
> > it.
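
Added example, not part of the original message: a shell check for the situation in this thread, listing directories under a share root that others can write to but that lack the sticky bit (so any writer can delete or rename entries they do not own), plus a helper that applies `chmod +t` to them. The function names are hypothetical, and the share path is whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the original thread).

# Print every directory under $1 that is group- or world-writable and does
# NOT have the sticky bit set. In such a directory, write permission on the
# directory alone is enough to delete or rename any entry, whatever the
# permissions or ACLs on the entry itself say.
unsticky_writable_dirs() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) ! -perm -1000 -print
}

# Set the sticky bit on each directory reported above, so that only the
# owner of an entry (or of the directory, or root) can remove or rename it.
fix_sticky() {
    unsticky_writable_dirs "$1" | while IFS= read -r dir; do
        chmod +t "$dir"
    done
}

# Stand-alone use: ./check_sticky.sh /mnt/share/backup
# Reports only; call fix_sticky yourself once you have reviewed the list.
if [ "$#" -gt 0 ]; then
    unsticky_writable_dirs "$1"
fi
```

After `fix_sticky`, a mode such as `drwxrwxrwx` shows as `drwxrwxrwt` in `ls -ld`.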




