[Samba] Re: Re: file permissions with inherit permission + ACL's
Jay Flory
jflory at aeiconsultants.com
Fri Apr 20 13:58:08 GMT 2007
"Ralf Gross" <Ralf-Lists at ralfgross.de> wrote in message
news:20070419075232.GC26699 at p15145560.pureserver.info...
> Jay Flory schrieb:
>> > I have a share (testshare) where different unix groups (testgroup1,
>> > testgroup2) should have access to. But I want that new files are only
>> > created with 660 permissions.
>> >
>> > Here are the ACL's of testshare:
>> >
>> > # file: testshare
>> > # owner: ralfgro
>> > # group: ve
>> > user::rwx
>> > group::rwx
>> > group:testgroup1:rwx
>> > group:testgroup2:rwx
>> > mask::rwx
>> > other::---
>> > default:user::rwx
>> > default:group::---
>> > default:group:testgroup1:rwx
>> > default:group:testgroup2:rwx
>> > default:mask::rwx
>> > default:other::---
>> > [snip]
>> > I already played with the default mask ACL, but then I always ended
>> > with
>> > no
>> > executable bit on files _and_ directories which denies access to the
>> > new
>> > created directories...
>>
>> What would happen if you removed the default entries from your directory
>> ACLs? It looks to me like the default ACLs are being applied from the
>> directory to the newly created file. I believe that POSIX ACLs do this
>> by
>> design.
>
> But I need the default directory ACLs to give the 2 groups rights on
> all new created files and directories in this share, or am I wrong
> about this? The only thing I don't want is the executable bit on
> files.
>
> Ralf
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
Ralf,
I believe that Samba, with the "inherit acls = yes" setting, is designed to
set the permissions on the new subdirectories. The Definitive Guide to
Samba 3 puts it this way "When set to Yes, Samba copies a directory's ACLs
when creating subdirectories within it. The default value of No sets
directory permissions according to the directory mask, force directory mode,
and inherit permissions options instead".
If I am correct then the default ACL entries on your directory is redundant
for new sub directories and interfering when Samba tries to set permissions
on the new files (inherit permissions).
Thanks
Jay
More information about the samba
mailing list