[Samba] file permission / ACL problems with Office files

Pierre Dehaen pi at drever.be
Fri Jul 1 07:43:30 GMT 2005 

Hi,

While searching for a resolution to my own permissions problem a few days 
ago, I saw a document related to your problem.

It is due to the way Office updates a file: it creates a new file with a temporary 
name, it deletes the old file, and then it renames the temporary file to the 
original name. That's why your ACLs are lost.

AFAIR the solution was to use default ACL entries in the upper directory so 
that the temporary file (and later the real file) receives ACLs at creation time. 
Well, that won't help much if your users are playing with specific ACLs on 
each individual file, but that's probably enough for most cases.

Although I have not tested it with this ACL case, another solution is maybe to 
use OpenOffice    ;-)

HTH
Pierre

On 30 Jun 2005 at 18:47, Eduard Panaset wrote:

> Hello,
> 
> I`m experiencing major problems after having migrated from Novell to 
> SLES 9.
> 
> My server configuration:
> - SLES 9.0, running on an Intel XEON machine
> - Samba 3.0.14a, standard bin package with ACL support
> - XFS as filesystem, with ACL support
> - Users are members of max. 40 Groups
> 
> My client configuration:
> - running Windows 98 up to Windows XP SP2, everything included
> - Office 97 up to 2003
> 
> The problem itself:
> Everything is working fine, except for one thing:
> After having copied all the files from Novell to SLES and setting all the
> permissions using a Windows XP client, everything is fine.
> But as soon as an Office user changes one of the files, the file 
> permissions
> are changed, and the ACL flags are lost.
> 
> It happens only if the users are creating new or saving previously created
> Office documents. And only with Office docs, meaning XLS and DOC and PPT 
> and
> so on files.
> 
> As soon as the user creates a file using notepad or something similar, the
> problem does not appear.
> 
> If the user copies one of the files with wrong permissions, the permissions
> of the copied file are set right.
> 
> So it is obviously a problem concerning Office and samba, but I don't 
> have a
> clue where to start.
> 
> Here's my smb.conf:
> -----------------------------------------------------------------
> [global]
>     workgroup = DBK-GROUP
>     server string = Fileserver
>     interfaces = 200.1.1.246/24
>     passdb backend = smbpasswd:/etc/samba/smbpasswd
>     username map = /etc/samba/smbusers
>     load printers = yes
>     printcap name = cups
>     socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
>     logon script = logon.bat
>     logon path =
>     logon drive = H:
>     logon home =
>     domain logons = Yes
>     os level = 65
>     preferred master = Yes
>     domain master = Yes
>     dns proxy = No
>     wins support = Yes
>     kernel oplocks = No
>     idmap uid = 1000-1999
>     idmap gid = 2000-2999
>     winbind uid = 1000-1999
>     winbind gid = 2000-2999
>     winbind use default domain = yes
>     create mask = 0770
>     directory mask = 0775
>     force create mode = 0770
>         force directory mode = 0755
>     guest ok = Yes
>     veto oplock files = /*.doc/*.xls/*.mdb/*.cdx/*.dbf/
>     strict locking = No
>     admin users = root
> 
> [netlogon]
>     path = /home/samba/netlogon
>     write list = @ntadmin
> 
> [homes]
>     comment = Home Directories
>     valid users = %S
>     read only = No
>     create mask = 0600
>     directory mask = 0700
>     guest ok = No
>     browseable = No
>     admin users = root
> 
> [homes$]
>     path = /home
>     comment = Home Directories
>     valid users = root
>     read only = No
>     create mask = 0700
>     directory mask = 0700
>     guest ok = No
>     browseable = No
>     admin users = root
> 
> [printers]
>     comment = All Printers
>     path = /var/tmp
>     printable = Yes
>     guest ok = yes
>     use client driver = Yes
>     browseable = No
>     create mask = 0600
>     admin users = root
> 
> [print$]
>     comment = Printer Drivers
>     path = /var/lib/samba/drivers
>     write list = @ntadmin, root
>     force group = ntadmin
>     create mask = 0664
>     guest ok = No
>     admin users = root
> 
> [prdeedv001]
>     path = /var/tmp
>     printable = Yes
>     printer name = prdeedv001
>     use client driver = Yes
>     create mask = 0600
>     admin users = root
> 
> [vol1]
>     path = /data/VOL1
>     valid users = @dbkusers
>     read only = No
>     inherit permissions = Yes
>     inherit acls = Yes
>     map acl inherit = Yes
>     admin users = root
> 
> [vol2]
>     path = /data/VOL2
>     valid users = @dbkusers
>     read only = No
>     inherit permissions = Yes
>     inherit acls = Yes
>     map acl inherit = Yes
>     admin users = root
> 
> [vol3]
>     path = /data/VOL3
>     valid users = @dbkusers, at IS-Admins
>     read only = No
>     inherit permissions = Yes
>     inherit acls = Yes
>     map acl inherit = Yes
>     admin users = root
> 
> [vol4]
>     path = /data/VOL4
>     valid users = @dbkusers
>     read only = No
>     inherit permissions = Yes
>     inherit acls = Yes
>     map acl inherit = Yes
>     admin users = root
> -----------------------------------------------------------------
> 
> 
> Any help will be greatly appreciated!
> Thanks very much in advance!
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
>

More information about the samba mailing list