[Samba] ACLs and file copies/permissions

Paul Eggleton paule at cjntech.co.nz
Mon Jul 14 22:26:17 GMT 2003

Tom Dickson wrote on Tuesday, 15 July 2003 9:40 a.m.:
> Hello all,
> I want to make a Samba server act as much like a 2000 machine as
> possible. I've successfully got winbindd running, and also have
> compiled ACLs into the kernel and the XFS filesystem.  

Before you get too involved, it's worth knowing that Samba cannot fully
duplicate Windows file permissions - it only exposes the functionality
given by POSIX ACLs.  That is, you can have multiple users/groups on a
file, but each entry (ACE) only has read, write or execute as per Unix
standards, and some special groups (eg. "Authenticated Users") will not

> Currently I have issues with default permissions (removing Everyone
> group, etc) (I have 2.2.5 right now). I think I'm going to have to
> tune the set directory mode/mask parameters, and I'm wondering if
> anyone has this working.  

I think 3.0 works a little better in this regard, however it seems that
you can never actually remove the Everyone group - you can only take
away all of its permissions.

> Also, what is the status on this
> http://lists.samba.org/pipermail/samba-technical/2003-June/045448.html
> issue? 

Haven't seen this one myself.

> Also, is it possible to give REAL full control to someone who is not
> the owner, or do I have to use the Windows chown program written by
> samba team first?  

Only if they act as root on the Unix machine (use the "admin users"
parameter in smb.conf). You can give read, write and execute access to a
file to anyone, but only root can change ownership of a file (this is a
Unix-imposed condition). You can specify @groupname (eg. "@DOMAIN\Domain
Admins") to give a whole group admin access.

> In other words, tell me everything you know about ACLs! :) Actually,
> if I get enough information I can help update the Samba HOWTO for
> this purpose.  

I would recommend (if you haven't already) that you read the relevant
parts of the latest HOWTO collection document at:


There is also an unofficial Samba+ACL HOWTO (written by me):


I will be uploading an updated version when I get home this evening (in
about 8 hours). Corrections welcome.
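
The limits described in this message (each entry carries only read, write and execute, and Everyone can lose its permissions but not be removed) can be seen in the POSIX ACL itself. The following Python is an added example, not part of the original post or Samba's code. The getfacl-style sample is constructed, and it assumes the POSIX `other::` entry is what Windows clients see as Everyone.

```python
# Added example: what a POSIX ACL can express per entry, after the mask.
# SAMPLE is constructed getfacl-style output, not taken from a real system.
SAMPLE = """\
# file: projects/report.doc
# owner: tom
# group: staff
user::rw-
user:alice:rwx
group::r-x
group:engineers:rwx
mask::rw-
other::---
"""

# Every POSIX ACL must contain these three entries; their bits can be
# cleared, but the entries themselves cannot be deleted.
BASE_ENTRIES = {("user", ""), ("group", ""), ("other", "")}

def parse_acl(text):
    """Return (tag, qualifier, perms) tuples from getfacl-style text."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and '#effective:' notes
        if not line:
            continue
        tag, qualifier, perms = line.split(":", 2)
        entries.append((tag, qualifier, perms.strip()[:3]))
    return entries

def effective(entries):
    """Apply the mask, which caps named users, the owning group and named groups."""
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        masked = tag == "group" or (tag == "user" and qualifier != "")
        result[(tag, qualifier)] = "".join(
            c if c != "-" and (not masked or c in mask) else "-" for c in perms)
    return result

def is_base_entry(tag, qualifier):
    """True for the owner, owning-group and other entries that must always exist."""
    return (tag, qualifier) in BASE_ENTRIES

if __name__ == "__main__":
    for (tag, who), perms in effective(parse_acl(SAMPLE)).items():
        note = "cannot be removed" if is_base_entry(tag, who) else "removable"
        print(f"{tag}:{who or '(base)'} {perms} {note}")
```

Here `alice` is granted `rwx` but ends up with `rw-`, because the mask (which `chmod` on the group bits rewrites) caps every named entry and the owning group.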

