[Samba] readonly files get un-erasable from win nt clients #REPOST
Thierry ITTY
thierry.itty at besancon.org
Tue May 20 09:25:11 GMT 2003
Hi
I posted this last week but go no answers. So I try again in case someone
has any idea...
I have a file server (linux with acl and quotas custom 2.4.18 kernel, samba
2.2.7a with acl, quotas and winbind)
among others there's a share on which any user of the domain is allowed to
put files, any user able to read and write other users' files (a public and
free space)
the problem is that sometimes people copy files from CDs where the readonly
bit is set, and once copied, nobody is allowed to remove them
here's an excerpt from smb.conf
# Global Parameters
security = DOMAIN
encrypt passwords = Yes
map to guest = Bad User
null passwords = Yes
os level = 10
winbind uid = 10000-19999
winbind gid = 10000-19999
valid users = +"CORP\Domain users"
read only = No
create mask = 0775
directory mask = 0775
[public]
path = /shares/tpublic/share
volume = PUBLIC
oplocks = no
create mask = 0770
directory mask = 0770
here's a getfacl to such a problem file :
# file: IMAGE.JPG
# owner: CORP\USER-01
# group: CORP\Domain users
user::r-x
group::r--
group:CORP\Domain users:rwx
mask::rwx
other::---
here's a ls -al of the same file :
[root at SERVER IMAGES]# ls -al
-r-xrwx---+ 1 CORP\USER-01 CORP\Domain users 479135 03-30 10:42 IMAGE.JPG
on thing I find weird is that entry "group::r--" in the getfacl result,
which should refer to the file creator's group, which is "# group:
CORP\Domain users", compared to the next line "group:CORP\Domain users:rwx"
in that situation, nobody even the creator himself can remove the file
i have to do an "setfacl -m g::rw- IMAGE.JPG" to update the acl entry
"group::r--" to allow the user (and anybody else from the domain, which is
anyway what i want) to remove the file
the question is : how did the file get such an acl when copied from a cd in
a win nt wks, and how can i avoid this ?
tia
- * - * - * - * - * - * -
Bien sûr que je suis perfectionniste !
Mais ne pourrais-je pas l'être mieux ?
Thierry ITTY
eMail : Thierry.Itty at Besancon.org FRANCE
More information about the samba
mailing list