[Samba] readonly files get un-erasable from win nt clients #REPOST

Jordi Castells jordi.castells at es.ingenico.com
Tue May 20 14:06:43 GMT 2003


hi,

try to use
   force create mode = 0664
   force directory mode = 0775
parameters to ensure files have write access

another good idea is to set the s bit on the parent directory (chmod g+s) to set the group owner of the files/directories to the same as the parent directory (I set a group of users with write access to the share, then this attribute allows users of this group to manage the files created by other users of the same group)

hope this helps you


> -----Original Message-----
> From: Thierry ITTY [mailto:thierry.itty at besancon.org]
> Sent: Tuesday, May 20, 2003 11:25
> To: samba at lists.samba.org
> Subject: [Samba] readonly files get un-erasable from win nt clients
> #REPOST
> 
> 
> Hi
> 
> I posted this last week but got no answers. So I try again in case someone
> has any idea...
> 
> I have a file server (linux with acl and quotas custom 2.4.18 
> kernel, samba
> 2.2.7a with acl, quotas and winbind)
> among others there's a share on which any user of the domain 
> is allowed to
> put files, any user able to read and write other users' files 
> (a public and
> free space)
> 
> the problem is that sometimes people copy files from CDs 
> where the readonly
> bit is set, and once copied, nobody is allowed to remove them
> 
> here's an excerpt from smb.conf
> 
> # Global Parameters
>         security = DOMAIN
>         encrypt passwords = Yes
>         map to guest = Bad User
>         null passwords = Yes
>         os level = 10
>         winbind uid = 10000-19999
>         winbind gid = 10000-19999
>         valid users = +"CORP\Domain users"
>         read only = No
>         create mask = 0775
>         directory mask = 0775
> [public]
>         path = /shares/tpublic/share
>         volume = PUBLIC
>         oplocks = no
>         create mask = 0770
>         directory mask = 0770
> 
> here's a getfacl to such a problem file :
> 
> # file: IMAGE.JPG
> # owner: CORP\USER-01
> # group: CORP\Domain users
> user::r-x
> group::r--
> group:CORP\Domain users:rwx
> mask::rwx
> other::---
> 
> here's a ls -al of the same file :
>                       
> [root at SERVER IMAGES]# ls -al
> -r-xrwx---+   1 CORP\USER-01 CORP\Domain users   479135 03-30 
> 10:42 IMAGE.JPG
> 
> one thing I find weird is that entry "group::r--" in the 
> getfacl result,
> which should refer to the file creator's group, which is "# group:
> CORP\Domain users", compared to the next line 
> "group:CORP\Domain users:rwx" 
> 
> in that situation, nobody even the creator himself can remove the file
> 
> i have to do a "setfacl -m g::rw- IMAGE.JPG" to update the acl entry
> "group::r--" to allow the user (and anybody else from the 
> domain, which is
> anyway what i want) to remove the file 
> 
> the question is : how did the file get such an acl when 
> copied from a cd in
> a win nt wks, and how can i avoid this ?
> 
> tia
> 
> 
> 			- * - * - * - * - * - * -
> Of course I am a perfectionist!
> But couldn't I be better at it?
> 	Thierry ITTY
> eMail : Thierry.Itty at Besancon.org		FRANCE
> 
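
Added example, not part of the original thread and not Samba's own code: a simplified Python model of the rule documented in smb.conf(5) for newly created files (map the DOS attributes to a mode, AND with `create mask`, OR with `force create mode`), applied to the `[public]` share quoted above. It assumes the default `map archive = yes` and a constructed CD file carrying the read-only and archive attributes; the function and constant names are hypothetical.

```python
import stat

# DOS attribute bits as carried over SMB.
DOS_READONLY, DOS_HIDDEN, DOS_SYSTEM, DOS_ARCHIVE = 0x01, 0x02, 0x04, 0x20


def unix_mode_for_new_file(dos_attr, create_mask=0o744, force_create_mode=0o000,
                           map_archive=True, map_system=False, map_hidden=False):
    """Simplified model (an assumption, not Samba source) of the smb.conf(5) rule:
    DOS attributes -> mode, AND with create mask, OR with force create mode."""
    mode = 0o666
    if dos_attr & DOS_READONLY:
        mode &= ~0o222                      # read-only clears every write bit
    if map_archive and dos_attr & DOS_ARCHIVE:
        mode |= stat.S_IXUSR                # archive -> owner execute
    if map_system and dos_attr & DOS_SYSTEM:
        mode |= stat.S_IXGRP                # system -> group execute
    if map_hidden and dos_attr & DOS_HIDDEN:
        mode |= stat.S_IXOTH                # hidden -> other execute
    return (mode & create_mask) | force_create_mode


def perms(mode):
    """Render the nine permission bits the way ls does, e.g. 'r-xr-----'."""
    return stat.filemode(mode)[1:]


# Constructed input: a file copied from a CD, read-only + archive set.
cd_file = DOS_READONLY | DOS_ARCHIVE

# [public] as posted: create mask = 0770, no force create mode.
before = unix_mode_for_new_file(cd_file, create_mask=0o770)

# Same share with the suggested force create mode = 0664.
after = unix_mode_for_new_file(cd_file, create_mask=0o770,
                               force_create_mode=0o664)

if __name__ == "__main__":
    # 'before' reproduces user::r-x, group::r--, other::--- from the getfacl output.
    print("create mask = 0770 only:       ", perms(before))
    print("plus force create mode = 0664: ", perms(after))
```

Only the owner, owning-group and other entries are modelled; the named `group:CORP\Domain users:rwx` entry is not produced by this rule. `0664` also sets the other-read bit that the share's `0770` mask had excluded, while `0660` restores the write bits without it.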