[Samba] inconsistence behavior concerning security
Leandro Ariel Gomez Chavarria
lgomez at cencosud.com.ar
Wed Apr 7 20:11:33 GMT 2004
Hi all, I have a share for 2 groups of users in which I need this behavior:
Group A: can create/delete files
Group B: only can modify files
I solved this with a share that is rw for both groups; the FS directory permissions are 2770, groupA is the owner of the directory, and there is an ACL for groupB which is r-x.
The default ACL for this directory is rwx for groupB, so when something is created here, it receives rwx permissions.
Everything looks to work fine, I tested with .txt files in a w2k and it's ok.
BUT!: it doesn't work with MS Office files! (xls, doc, ppt, etc)
Example:
drwxrws--- 2 CENCOSUD+Administrator CENCOSUD+Inventario_Easy_CL 4096 Apr 7 16:57 .
# file: .
# owner: CENCOSUD+Administrator
# group: CENCOSUD+Inventario_Easy_CL
user::rwx
group::rwx
group:CENCOSUD+Inventario_Easy_CL_RX:r-x
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:CENCOSUD+Adm_FileSystem_CL:rwx
default:group:CENCOSUD+Inventario_Easy_CL_RX:rwx
default:mask::rwx
default:other::---
-rw-rwx--- 1 root CENCOSUD+Inventario_Easy_CL 11776 Apr 7 16:54 test.xls
-rw-rwx--- 1 root CENCOSUD+Inventario_Easy_CL 0 Apr 7 16:57 test.txt
[root@phmafs02 Inventario_Easy_CL]# getfacl test*
# file: test.txt
# owner: root
# group: CENCOSUD+Inventario_Easy_CL
user::rw-
group::rw-
group:CENCOSUD+Inventario_Easy_CL_RX:rwx
mask::rwx
other::---
# file: test.xls
# owner: root
# group: CENCOSUD+Inventario_Easy_CL
user::rw-
group::rwx
group:CENCOSUD+Inventario_Easy_CL_RX:rwx
mask::rwx
other::---
And this is the log of an open operation on an xls file:
[2004/04/07 16:54:55, 2] smbd/open.c:open_file(246)
cl opened file Inventario_Easy_CL/test.xls read=Yes write=No (numopen=2)
[2004/04/07 16:54:55, 2] smbd/close.c:close_normal_file(230)
cencosud+cl closed file Inventario_Easy_CL/test.xls (numopen=1)
[2004/04/07 16:54:55, 2] smbd/open.c:open_file(246)
cl opened file Inventario_Easy_CL/test.xls read=Yes write=No (numopen=2)
[2004/04/07 16:54:56, 2] smbd/close.c:close_normal_file(230)
cencosud+cl closed file Inventario_Easy_CL/test.xls (numopen=1)
[2004/04/07 16:54:56, 2] smbd/open.c:open_file(246)
cl opened file Inventario_Easy_CL/test.xls read=Yes write=No (numopen=2)
[2004/04/07 16:54:56, 2] smbd/close.c:close_normal_file(230)
cencosud+cl closed file Inventario_Easy_CL/test.xls (numopen=1)
[2004/04/07 16:54:56, 2] smbd/open.c:open_file(246)
cl opened file Inventario_Easy_CL/test.xls read=Yes write=Yes (numopen=2)
[2004/04/07 16:54:57, 2] smbd/open.c:open_file(246)
cl opened file Inventario_Easy_CL/test.xls read=Yes write=No (numopen=3)
[2004/04/07 16:54:57, 2] smbd/close.c:close_normal_file(230)
cencosud+cl closed file Inventario_Easy_CL/test.xls (numopen=2)
Has anyone had a similar experience?
Any advice? Workarounds?