[Samba] inconsistence behavior concerning security

Leandro Ariel Gomez Chavarria lgomez at cencosud.com.ar
Wed Apr 7 20:11:33 GMT 2004


Hi all, I have a share for 2 groups of users in which I need this behavior:

Group A: can create/delete files
Group B: only can modify files

I solve this with a share rw for both groups, and FS directory permissions are 2770 and groupA is the owner of the directory, and an acl for groupB which is r-x

Then the default acl for this directory is rwx for GroupB, so, when something is created here, recive rwx permissions.

Everything looks to work fine, I tested with .txt files in a w2k and it's ok.

BUT!: it doesn't work with MS Office files! (xls, doc, ppt, etc)

Example:

drwxrws---    2 CENCOSUD+Administrator CENCOSUD+Inventario_Easy_CL     4096 Apr  7 16:57 .
# file: .
# owner: CENCOSUD+Administrator
# group: CENCOSUD+Inventario_Easy_CL
user::rwx
group::rwx
group:CENCOSUD+Inventario_Easy_CL_RX:r-x
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:CENCOSUD+Adm_FileSystem_CL:rwx
default:group:CENCOSUD+Inventario_Easy_CL_RX:rwx
default:mask::rwx
default:other::---

-rw-rwx---    1 root     CENCOSUD+Inventario_Easy_CL    11776 Apr  7 16:54 test.xls
-rw-rwx---    1 root     CENCOSUD+Inventario_Easy_CL        0 Apr  7 16:57 test.txt

[root at phmafs02 Inventario_Easy_CL]# getfacl test*
# file: test.txt
# owner: root
# group: CENCOSUD+Inventario_Easy_CL
user::rw-
group::rw-
group:CENCOSUD+Inventario_Easy_CL_RX:rwx
mask::rwx
other::---

# file: test.xls
# owner: root
# group: CENCOSUD+Inventario_Easy_CL
user::rw-
group::rwx
group:CENCOSUD+Inventario_Easy_CL_RX:rwx
mask::rwx
other::---

And this is the log of an operation of open with a xls file:

[2004/04/07 16:54:55, 2] smbd/open.c:open_file(246)
  cl opened file Inventario_Easy_CL/test.xls read=Yes write=No (numopen=2)
[2004/04/07 16:54:55, 2] smbd/close.c:close_normal_file(230)
  cencosud+cl closed file Inventario_Easy_CL/test.xls (numopen=1) 
[2004/04/07 16:54:55, 2] smbd/open.c:open_file(246)
  cl opened file Inventario_Easy_CL/test.xls read=Yes write=No (numopen=2)
[2004/04/07 16:54:56, 2] smbd/close.c:close_normal_file(230)
  cencosud+cl closed file Inventario_Easy_CL/test.xls (numopen=1) 
[2004/04/07 16:54:56, 2] smbd/open.c:open_file(246)
  cl opened file Inventario_Easy_CL/test.xls read=Yes write=No (numopen=2)
[2004/04/07 16:54:56, 2] smbd/close.c:close_normal_file(230)
  cencosud+cl closed file Inventario_Easy_CL/test.xls (numopen=1) 
[2004/04/07 16:54:56, 2] smbd/open.c:open_file(246)
  cl opened file Inventario_Easy_CL/test.xls read=Yes write=Yes (numopen=2)
[2004/04/07 16:54:57, 2] smbd/open.c:open_file(246)
  cl opened file Inventario_Easy_CL/test.xls read=Yes write=No (numopen=3)
[2004/04/07 16:54:57, 2] smbd/close.c:close_normal_file(230)
  cencosud+cl closed file Inventario_Easy_CL/test.xls (numopen=2)


Someone had a similar experience ???

Advices ? Workarounds ??






More information about the samba mailing list