[Samba] Re: Re: file permissions with inherit permission + ACL's
Ralf-Lists at ralfgross.de
Fri Apr 20 14:36:31 GMT 2007
Jay Flory schrieb:
> "Ralf Gross" <Ralf-Lists at ralfgross.de> wrote in message
> news:20070419075232.GC26699 at p15145560.pureserver.info...
> > Jay Flory schrieb:
> >> > I have a share (testshare) where different unix groups (testgroup1,
> >> > testgroup2) should have access to. But I want that new files are only
> >> > created with 660 permissions.
> >> >
> >> > Here are the ACL's of testshare:
> >> >
> >> > # file: testshare
> >> > # owner: ralfgro
> >> > # group: ve
> >> > user::rwx
> >> > group::rwx
> >> > group:testgroup1:rwx
> >> > group:testgroup2:rwx
> >> > mask::rwx
> >> > other::---
> >> > default:user::rwx
> >> > default:group::---
> >> > default:group:testgroup1:rwx
> >> > default:group:testgroup2:rwx
> >> > default:mask::rwx
> >> > default:other::---
> >> > [snip]
> >> > I already played with the default mask ACL, but then I always ended
> >> > with
> >> > no
> >> > executable bit on files _and_ directories which denies access to the
> >> > new
> >> > created directories...
> >> What would happen if you removed the default entries from your directory
> >> ACLs? It looks to me like the default ACLs are being applied from the
> >> directory to the newly created file. I believe that POSIX ACLs do this
> >> by
> >> design.
> > But I need the default directory ACLs to give the 2 groups rights on
> > all new created files and directories in this share, or am I wrong
> > about this? The only thing I don't want is the executable bit on
> > files.
> I believe that Samba, with the "inherit acls = yes" setting, is designed to
> set the permissions on the new subdirectories. The Definitive Guide to
> Samba 3 puts it this way "When set to Yes, Samba copies a directory's ACLs
> when creating subdirectories within it. The default value of No sets
> directory permissions according to the directory mask, force directory mode,
> and inherit permissions options instead".
> If I am correct then the default ACL entries on your directory is redundant
> for new sub directories and interfering when Samba tries to set permissions
> on the new files (inherit permissions).
I tried different settings, and it's basicially working with either
'inherit permissions' or 'inherit acls' + correct ACLs. But new files
are still created with the x-bit. I'm beginning to think, that there
is no way to prevent smb from setting this bit if the groups should
get access to new created directories.
My goal was:
- different groups with (maybe different) rights on all
- file should have only 660 permissions (no x-bit)
More information about the samba