[Samba] sticky bit, etc.

Yura Pismerov ypismerov at tucows.com
Thu Oct 31 03:01:02 GMT 2002


jef dodson wrote:
> 
> ok, that works to disallow non-owners from renaming the file, but what I would
> like to do is disallow EVERYONE ( including the owner of the file ) from
> editing, moving, or changing the filename once it is created.  the only person
> who should be able to make those changes is a special user.  any ideas about
> how to accomplish that?  Thanks.


Yeah, I realized that after I pressed Enter...
To me it looks like it can be done with ACLs only.
Or you can try postexec or cron script that will change ownership on the
files.
Looks kinda ugly, but it should work.

> 
> --- Yura Pismerov <ypismerov at tucows.com> wrote:
> >
> >
> > Yura Pismerov wrote:
> > >
> > > jef dodson wrote:
> > > >
> > > > I have a question about samba and sticky bits.  I have a share with the
> > > > following configuration:
> > > >
> > > > [documents]
> > > >   comment = documents
> > > >   path = /shares/documents
> > > >   public = no
> > > >   writeable = yes
> > > >   printable = no
> > > >   valid users = @lan1
> > > >   force user = docadmin
> > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >
> > >         That is why.
> > >         No matter what the username is, it will be forced to docadmin, so the
> > > sticky bit does not make much sense since the user who is manipulating
> > > the file is the owner of the file from the OS point of view.
> > >         To achieve what you want you need to remove "force user".
> >
> >
> >       Yeah, and create mode should be 0640 in this case.
> >
> > >
> > > >   force group = lan1
> > > >   create mode = 0440
> > > >   force create mode = 0440
> > > >   directory mode = 1770
> > > >   force directory mode = 1770
> > > >   delete read only = no
> > > >
> > > > I also have the sticky bit set on /shares/documents.
> > > >
> > > > > Now, when I drop the file 'test.txt' in the directory, it has the following
> > > > > permissions:
> > > >
> > > > -r--r-----    1 docadmin lan1            4 Oct 29 17:45 test.txt
> > > >
> > > > > Now, when I log in to the server via ssh as jdodson, the sticky bit on the
> > > > > directory prevents me from renaming the test.txt file.  However, when I log in
> > > > > to the server from windows as jdodson, I can change the filename and move the
> > > > > file to another directory.  So, it seems that samba is ignoring the sticky bit
> > > > > on the /shares/documents directory.
> > > >
> > > > The ultimate goal for the behavior of the directory is this:
> > > >
> > > > > when someone drops a file in the directory or subdirectory, it becomes
> > > > > read-only so that it can't be edited, moved, or renamed by anyone except for a
> > > > > special user with admin privileges.
> > > >
> 

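A small model of the kernel's sticky-bit rule, added here as an illustration (not code from the thread), showing why forcing every connection to docadmin lets the rename through and what the suggested ownership change alters. The uid/gid numbers, the root-owned share directory and the "special" account are assumptions; ACLs and capabilities are ignored.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    uid: int
    gid: int
    mode: int

def can_write_dir(d, uid, gids):
    """Classic owner/group/other check for write+search on the directory."""
    if uid == 0:
        return True
    if uid == d.uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif d.gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return d.mode & need == need

def may_rename(d, f, uid, gids):
    """Can `uid` rename or delete entry `f` inside directory `d`?"""
    if not can_write_dir(d, uid, gids):
        return False
    if d.mode & stat.S_ISVTX:
        # Sticky directory: only root, the file owner or the directory owner.
        return uid in (0, f.uid, d.uid)
    return True

# Constructed ids; the thread does not give numeric values.
ROOT, DOCADMIN, JDODSON, SPECIAL, LAN1 = 0, 500, 1001, 600, 100
share = Node(ROOT, LAN1, 0o1770)       # assumption: directory owned by root
dropped = Node(DOCADMIN, LAN1, 0o440)  # test.txt as created through the share

def scenarios():
    rechowned = Node(SPECIAL, LAN1, 0o440)  # after a postexec/cron chown
    docadmin_dir = Node(DOCADMIN, LAN1, 0o1770)
    g = {LAN1}
    return {
        "ssh as jdodson": may_rename(share, dropped, JDODSON, g),
        "smb, force user = docadmin": may_rename(share, dropped, DOCADMIN, g),
        "smb after chown to special": may_rename(share, rechowned, DOCADMIN, g),
        "special user": may_rename(share, rechowned, SPECIAL, g),
        "smb, docadmin owns directory": may_rename(docadmin_dir, rechowned, DOCADMIN, g),
    }
```

The last scenario shows that re-owning the files only helps if docadmin does not also own the sticky directory itself.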

