[Samba] Problem with ACL and Samba
Cybionet
cybionet at videotron.ca
Thu Dec 20 01:21:28 GMT 2007
Greeting Felipe,
Here a solution for your problem (I hope so). It works for me with
MSOffice 2000/2003.
First you need to set the POSIX rights before ACL(EA). These rights will
be the base for your "real" permissions.
- Create your folder, and set 2775 or 2770 permissions.
- The assign the owner and group to root:root (you will understand
shortly why).
- Now you are ready to set the ACL(EA) permissions.
The use of the 2775 permissions will gave access to the folder and his
subdirectory for the share of the files. Or use directly the 2770
permissions to limit access and share immediately your files in the folder.
The SGID define in this permission allow the group to never be change,
whatever the group of the owner who create a new file ou change a
existing file. The owner has no importance, because it will be change at
the creation ou modification of the file (it is the goal to know who
have made the change).
The share configuration, I suggest you something like this. The only
parameters very important is "force create mode = 660" and "directory
mode = 770".
[workspace]
comment = Whatever
path = /pat/to/my/folder
browseable = yes
read only = no
force create mode = 660
directory mode = 770
csc policy = disable
Best Regards
Robert
--
Cybionet - Solution reseautique
http://www.cybionet.com
> Dear All
>
> I am facing a strange problem that I could not solve, so, maybe you
> can help
> me.
>
> Look at this situation:
>
> I created a new directory with those ACLs (through Samba using Windows
> XP)
>
> [root at server /home/smb/adm]# getfacl teste
> #file:teste
> #owner:1002
> #group:1006
> user::rwx
> group::rwx
> group:suporte:rwx
> group:administ:rwx
> mask::rwx
> other::---
>
> [root at server /home/smb/adm]# getfacl -d teste
> #file:teste
> #owner:1002
> #group:1006
> user::rwx
> group::rwx
> group:suporte:rwx
> group:administ:rwx
> mask::rwx
> other::---
>
> My ACLs are right, ok, now I will copy a XLS file to that folder:
>
> [root at server /home/smb/adm]# getfacl teste/excel-test.xls
> #file:teste/excel-test.xls
> #owner:1002
> #group:1006
> user::rwx
> group::rw-
> group:suporte:rwx
> group:administ:rwx
> mask::rwx
> other::---
>
> OK, the samba server inhert the permissions and the ACLs, everything
> is fine
> until now.
>
> But when I edit this file with MS Excel, and save it, look what happen to
> the ACLs:
>
> [root at server /home/smb/adm]# getfacl teste/excel-test.xls
> #file:teste/excel-test.xls
> #owner:1002
> #group:1006
> user::rwx
> group::---
> group:suporte:rwx
> mask::rwx
> other::---
>
> The ACL entry "group:administ:rwx" just have gone after I save the file.
>
> It happens with Windows XP, Vista, Office 2003 and 2007. My samba
> version is
> Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through
> Ports.
>
> Anybody knows what is wrong?
>
> Thanks a lot!
>
More information about the samba
mailing list