[Samba] file permissions on home directories and admin user
copying files to it
John H Terpstra
jht at samba.org
Fri Nov 14 01:34:06 GMT 2003
On Fri, 14 Nov 2003, Christian Nabski wrote:
> Hi Aaron,
>
> Thanks for your answer.
> I already set the create mask for files and directories :
> for files 0600 --> user can only write and read
> for directories 0700 --> directories can be read and entered (executed) by
> the user
>
> This however only sets the rights and not the ownership.
>
> The problem arises when an admin (in the adminlist) copies files from
> another drive/share/... to the home share of a user via samba.
> These copied files have then as owner root. The effect of this (0600 and
> root ) is that the user can not read or write to this file.
Correct. The same happens when root copies files under UNIX. If you copy
them as a normal user this does not happen. Root always overrides UNIX
security.
- John T.
> This is in fact a test server for a customer.
> What they actually want is the behavior of windows :
> the copied files inherit the rights of the directory where they are
> created.
> eg : homedir : 0700 owner : "the user" group "domain users"
> The admin copies or created a file example.txt in homedir.
> --> rights of example.txt : 0600 owner "the user" group "domain users"
>
> The group ownership is possible with chmod g+s homedir or chmod 2700
> homedir.
>
> If I would set a create mask for files as 0660 and for directories 0770
> the problem would be solved but I wanted the restrict the rights to the
> ones set.
> And I don't want to maintain private groups (ala redhat) for these users.
>
> I am just wondering how other people do this with admins which don't know
> anything about unix file permissions ?
>
>
> Regards,
>
> Christian
>
>
>
> Aaron Collins <Hellfire at fastq.com> wrote on 13/11/2003 21:19:13:
>
> >
> > You should have a look at the create mask option, it says what the
> > default permissions should be on files that get created. This will
> > override the default unix behavior.
> > See also inherit permissions , directory mask, force create mode and
> > force directory mode I think these are the options your looking for in
> > your smb.conf
> >
> > -Aaron c
> >
> > On Thu, 2003-11-13 at 11:40, Christian Nabski wrote:
> > > We want to copy files with the group in the admin list of the [homes]
> > > share. The problem is that the copied files then are owned by root.
> > > I know this is normal unix behavior. However we want the copied files
> to
> > > be owned by the user of the homeshare.
> > >
> > > I read the samba howto section "Users Cannot Write to a Public Share".
> > > Although I want to set the owner on the home shares and not on a
> public
> > > share.
> > > The mentioned section however does not seem to work on Redhat 7.3 nor
> RH
> > > AS 3 ?
> > > The group gets set correctly (gets changed to the group who owned the
> > > directory) but the user stays the same.
> > > I am wondering if this is a particular issue with the Redhat
> distribution
> > > or something else ?
> > >
> > > For now I tried this "solution" :
> > >
> > > in [homes] :
> > > root preexec = chown -R %S %P
> > >
> > > This works but I wonder if this is good solution ?
> > >
> > >
> > > Christian
> >
>
--
John H Terpstra
Email: jht at samba.org
More information about the samba
mailing list