[Samba] Right-management Bug?

luttenberger at cnsystems.at luttenberger at cnsystems.at
Tue Oct 14 16:51:10 GMT 2003


I have two small problems and I hope anybody can help me.

First a short description, what I want to do:
We are moving lots of data from a win2k server to a samba 3.0 server (on a
debian woody). The win2k server is the pdc of our network and will not be
deactivated. The samba server will only act as a file server - so we
installed it on a patched debian with XFS and ACL-support (samba was also
compiled with ACL-support).

What we did and why we did it:
We have a lot of different ACLs for folders. Our first problem was that
there were different ACLs for folders, their subfolders, subsubfolders and
so on. We often had the problem that user A shouldn't read the files in
Folder A but should have write-access to subsubfolder C. The situation was
a bit tricky because I couldn't use shares (it would need over 200) so I
solved it that way:
I created groups that were able to change into the subfolders but were not
able to read the files on the way to it. For this purpose I set for this
group the "Traverse Folder/Execute Files" on the whole directory and only
granted read- or write-access on specific folders.

Directory A: user A: r-x, user B: --- (traverse directory)
  Subdirectory A: user A: rwx, user B: --- (traverse directory)
     Subsubdirectory A: user A: rwx, user B: r-x
     Subsubdirectory B: user A: rwx, user B: --- (solved by "traverse
  Subdirectory B: user A: r-x, user B: rwx

This worked very fine.

Now to my first problem:
I have to move the directories from win2k to samba. So I started the "Total
Commander" and copied one folder to samba ("copy NTFS permissions" was
On win2k user A had these permissions:
Folder A: user A: traverse folder
  Subfolder A: user A: read files

If I copy this from Windows to Samba everything is fine (in 90% of all
cases, sometimes not, but I am not able to reproduce it).

Now I change the permissions to this directory because user B should have
write-access to subfolder A (I use the "Windows Explorer" to set the
permissions in samba):
Permissions should be:
Folder A: user B: traverse folder
   Subfolder B: user B: write files

Permissions are:
Folder A: user B: read files
   Subfolder B: user B: write files

I can reproduce this problem. I open the "Properties" of "Folder A" to set
"List folder contents"-permissions on this directory. I change to
"Advanced" to change the permissions in all subfolders and delete the old
permissions - and after this all folders and files are readable. :(
I found this workaround: first I set the "List folder contents"
-permission and change it to all subfolders. Now I open the "Advanced"
window and change the permissions to "traverse folder/execute files",
"read attributes" and "read permissions" (sorry if the names are wrong but
I'm working on a German windows and have no English reference at home).
This works but now I don't see a tick at the "List folder content" in the
permission window (I also don't see this tick after copying the files from
windows to samba) :(

This is really annoying because I can't set new permissions without setting
permissions twice (and my work time is exploding).

Second problem:
Does anybody know how to set this "List folder content" by a script? I
tried to set the permissions by "setfacl" (because I have a lot of
different groups with different ACLs for one folder) but the problem is: I
can only set "read", "write" or "execute"-permissions. If I only set
"execute" to the directories, I can change to every subfolder but I can't
see any file/folder on the way to it (I must know the way to my subfolder).
So I asked the people who wrote the ACL-patch for XFS but they only told
<quote> Windows doesn't have a permission that gives access to
sub-directories but not to files. <end of quote> (maybe they aren't
familiar with windows permissions).
Maybe I use the wrong command - I googled a lot the last few days but there
isn't much documentation about linux and ACLs :(

Can anybody help me with my two small problems (I will also appreciate
other solutions without "List folder contents")?
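
The traverse-only scheme and the second problem above, as an added example that is not part of the original post: in POSIX ACLs `--x` on a directory permits only passing through it, while `r-x` also permits listing its entries without granting read access to the files in it. The helper name `acl_plan`, the root `/srv/data` and the entry `u:userB` are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run: prints setfacl
# commands for one user or group along one path; nothing is changed.
#
# acl_plan ROOT RELPATH WHO WAY TARGET   (hypothetical helper)
#   ROOT    share root on the Samba server (operator-supplied, trusted)
#   RELPATH directory below ROOT, e.g. "Directory A/Subdirectory A"
#   WHO     ACL qualifier: u:<user> or g:<group>
#   WAY     rights on every directory on the way to the target:
#             --x  pass through only, names inside are not listed
#             r-x  pass through and list names; file contents still
#                  need r on the files themselves
#   TARGET  rights on the target directory: r-x or rwx
acl_plan() {
    root=$1 rel=$2 who=$3 way=$4 target=$5
    case "$who" in
        *[!A-Za-z0-9:._-]*) echo "acl_plan: bad character in WHO" >&2; return 2 ;;
        u:?*|g:?*) ;;
        *) echo "acl_plan: WHO must be u:<name> or g:<name>" >&2; return 2 ;;
    esac
    case "$way" in --x|r-x) ;; *) echo "acl_plan: bad WAY" >&2; return 2 ;; esac
    case "$target" in r-x|rwx) ;; *) echo "acl_plan: bad TARGET" >&2; return 2 ;; esac
    # Refuse empty, absolute, dot or dot-dot components and single quotes,
    # so the printed commands cannot leave ROOT or break their quoting.
    case "/$rel/" in
        */../*|*/./*|*//*|*\'*) echo "acl_plan: bad RELPATH" >&2; return 2 ;;
    esac
    cur=$root
    rest=$rel
    while [ -n "$rest" ]; do
        case "$rest" in
            */*) comp=${rest%%/*}; rest=${rest#*/} ;;
            *)   comp=$rest; rest= ;;
        esac
        cur=$cur/$comp
        if [ -n "$rest" ]; then
            printf "setfacl -m %s:%s '%s'\n" "$who" "$way" "$cur"
        else
            printf "setfacl -m %s:%s '%s'\n" "$who" "$target" "$cur"
        fi
    done
}

# Constructed sample: user B from the tree above, traverse-only on the way.
acl_plan /srv/data "Directory A/Subdirectory A/Subsubdirectory A" u:userB --x r-x
```

Review the printed commands before piping them to `sh`; passing `r-x` as WAY instead of `--x` makes the directories on the way listable as well.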



