[Samba] ACL question
Jeremy Allison
jra at samba.org
Tue Feb 22 18:12:58 GMT 2005
On Tue, Feb 22, 2005 at 09:23:57AM +0100, Cisowski, Daniel wrote:
> Hi all,
>
> I'm reposting because there was no response from the list. I'd be glad if
> anybody could comment...
>
> I'm planning a migration from Sun Microsystems' PCNetLink CIFS service to
> Samba and have a problem I cannot solve:
>
> Is there a possibility to map Windows ACLs to reflect the following:
>
> We have user groups with their own group directories. We need to provide
> some users in their group directories the ability to
> read/create/modify/remove files, but they must not be able to change
> permissions on the files/directories. In particular they must not take
> ownership of files they are not owners of.
>
> I've tried to test this using Samba 3.0.10 on Solaris 9 and compiled with
> --with-acl-support. The configuration for my test share has the following
> ACL relevant settings:
> security mask = 0777
> force security mode = 0
> directory security mask = 0777
> force directory security mask = 0
> But, if I try to set the following permissions (all except Full Control):
> Modify,
> Read & Execute
> List Folder Contents
> Read
> Write
> using Windows Explorer connected to the share on a subdirectory of the
> share, I get 777 on UNIX file system and my Windows client sees 'full
> control'.
>
> I'd be glad if anybody could confirm if the situation described above is
> normal Samba behavior or not and if my problem can be solved at all (using
> Samba).
Ok, don't think of this as a Windows ACL problem, think of it as a POSIX
ACL problem and try and create a solution using that. That's what Samba3
is using under the covers anyway.
Jeremy.
More information about the samba
mailing list