[Samba] sticky bit, etc.

jef dodson jefdodson at yahoo.com
Thu Oct 31 01:18:01 GMT 2002


ok, that works to disallow non-owners from renaming the file, but what I would
like to do is disallow EVERYONE ( including the owner of the file ) from
editing, moving, or changing the filename once it is created.  the only person
who should be able to make those changes is a special user.  any ideas about
how to accomplish that?  Thanks.

--- Yura Pismerov <ypismerov at tucows.com> wrote:
> 
> 
> Yura Pismerov wrote:
> > 
> > jef dodson wrote:
> > >
> > > I have a question about samba and sticky bits.  I have a share with the
> > > following configuration:
> > >
> > > [documents]
> > >   comment = documents
> > >   path = /shares/documents
> > >   public = no
> > >   writeable = yes
> > >   printable = no
> > >   valid users = @lan1
> > >   force user = docadmin
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > 
> >         That is why.
> >         No matter what username is, it will be forced to docadmin, so the
> > sticky bit does not make much sense since the user who is manipulating
> > the file is the owner of the file form the OS point of view.
> >         To achieve what you want you need to remove "force user".
> 
> 
> 	Yeah, and create mode should be 0640 in this case.
> 
> > 
> > >   force group = lan1
> > >   create mode = 0440
> > >   force create mode = 0440
> > >   directory mode = 1770
> > >   force directory mode = 1770
> > >   delete read only = no
> > >
> > > I also have the sticky bit set on /shares/documents.
> > >
> > > Now, when I drop the file 'test.txt' in the directory, it has the
> following
> > > permissions:
> > >
> > > -r--r-----    1 docadmin lan1            4 Oct 29 17:45 test.txt
> > >
> > > Now, When I login to the server via ssh as jdodson, the sticky bit on the
> > > directory prevents me from renaming the test.txt file.  However, when I
> login
> > > to the server from windows as jdodson, I can change the filename and move
> the
> > > file to another directory.  So, it seems that samba is ignoring the
> sticky bit
> > > on the /shares/documents directory.
> > >
> > > The ultimate goal for the behavior of the directory is this:
> > >
> > > when someone drops a file in the directory or subdirectory, it becomes
> > > read-only so that it can't be edited, moved, or renamed by anyone except
> for a
> > > special user with admin priveleges.
> > >
> > > __________________________________________________
> > > Do you Yahoo!?
> > > HotJobs - Search new jobs daily now
> > > http://hotjobs.yahoo.com/
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba


__________________________________________________
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/



More information about the samba mailing list