[Samba] file permissions on home directories and admin user copying files to it

[Christian Nabski]

So the only way to do this would be like in my initial mail ? 

in [homes] : 
root preexec = chown -R %S %P



John H Terpstra <jht at samba.org> wrote on 14/11/2003 02:34:06:


> 
> On Fri, 14 Nov 2003, Christian Nabski wrote:
> 
> > Hi Aaron,
> >
> > Thanks for your answer.
> > I already set the create mask for files and directories :
> > for files 0600 --> user can only write and read
> > for directories 0700 --> directories can be read and entered 
(executed) by
> > the user
> >
> > This however only sets the rights and not the ownership.
> >
> > The problem arises when an admin (in the adminlist) copies files from
> > another drive/share/... to the home share of a user via samba.
> > These copied files have then as owner root. The effect of this (0600 
and
> > root ) is that the user can not read or write to this file.
> 
> Correct. The same happens when root copies files under UNIX. If you copy
> them as a normal user this does not happen. Root always overrides UNIX
> security.
> 
> - John T.
> 
> > This is in fact a test server for a customer.
> > What they actually want is the behavior of windows :
> > the copied files inherit the rights of the directory where they are
> > created.
> > eg : homedir : 0700 owner : "the user" group "domain users"
> > The admin copies or created a file example.txt in homedir.
> > --> rights of example.txt : 0600 owner "the user" group "domain users"
> >
> > The group ownership is possible with chmod g+s homedir or chmod 2700
> > homedir.
> >
> > If I would set a create mask for files as 0660 and for directories 
0770
> > the problem would be solved but I wanted the restrict the rights to 
the
> > ones set.
> > And I don't want to maintain private groups (ala redhat) for these 
users.
> >
> > I am just wondering how other people do this with admins which don't 
know
> > anything about unix file permissions ?
> >
> >