[Samba] ACL question
Cisowski, Daniel
daniel.cisowski at eds.com
Tue Feb 22 08:23:57 GMT 2005
Hi all,
I'm reposting because there was no response from the list. I'd be glad if
anybody could comment...
I'm planning a migration from Sun Microsystems' PCNetLink CIFS service to
Samba and have a problem I cannot solve:
Is there a possibility to map Windows ACLs to reflect the following:
We have user groups with their own group directories. We need to provide
some users in their group directories the ability to
read/create/modify/remove files, but they must not be able to change
permissions on the files/directories. In particular they must not take
ownership of files they are not owners of.
I've tried to test this using Samba 3.0.10 on Solaris 9 and compiled with
--with-acl-support. The configuration for my test share has the following
ACL relevant settings:
security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mask = 0
But, if I try to set the following permissions (all except Full Control):
Modify,
Read & Execute
List Folder Contents
Read
Write
using Windows Explorer connected to the share on a subdirectory of the
share, I get 777 on UNIX file system and my Windows client sees 'full
control'.
I'd be glad if anybody could confirm if the situation described above is
normal Samba behavior or not and if my problem can be solved at all (using
Samba).
Thanks in advance
Best regards,
Daniel
--
Daniel Cisowski
EDS Operations Services GmbH
EAD DP
Eisenstr. 58 (58-5-M)
D-65428 Ruesselsheim
mailto:daniel.cisowski at eds.com
jabber:daniel.cisowski at eim.eds.com
More information about the samba
mailing list