[Samba] write list, read list, admin list does not work as expected

Voelz Alexander Alexander.Voelz at P7S1Produktion.de
Thu Jan 4 14:47:13 GMT 2007


Dear group,

My understanding of how read, write and admin access of a share work
differs from what I observe.

What I understood from the documentation is that
*	if there's a read list the users in this list have ONLY read
access, no matter what the unix file/dir bits say
*	the read list is superseded by the write list. Users can write
IF the underlying unix-FS permits it.
*	admin users have rw-access to every file, no matter who the
owner is.

I am asking, because what I want is
*	Group A with admin access, so they can delete ALL files, no
matter who created them,
*	Group W with write access, with every user able to create files,
and able to delete his own, only,
*	Group R with read-only access. These users should only be able
to SEE what the others wrote.

In my samba-config it says:
*	write list   = @W
*	admin users  = @A
*	read list    = @R
*	force create mode = 775
*	force directory mode = 755 # default

I have a directory which has the unix bits 777:
*	drwxrwxrwx+ 2 vjuser vjusers 8192 Jan  4 10:32 Archive

But smbcacls says:
	> smbcacls //serverA/share Archive -U "DOMAIN/vo03a"
	OWNER:serverA\vjuser
	GROUP:serverA\vjusers
	ACL:DOMAIN\W:ALLOWED/3/READ
	ACL:DOMAIN\A:ALLOWED/3/FULL
	ACL:DOMAIN\R:ALLOWED/3/READ
	ACL:serverA\vjuser:ALLOWED/0/FULL
	ACL:serverA\vjusers:ALLOWED/0/READ
	ACL:\Everyone:ALLOWED/0/FULL
	ACL:\CREATOR OWNER:ALLOWED/11/FULL
	ACL:\CREATOR GROUP:ALLOWED/11/READ
	ACL:\Everyone:ALLOWED/11/


And I can't change this with smbcacls:

vo03a is a member of A:
	> getent group A
	A:x:16782746:xx55x,ha06t,vo03a,ju02i,bri0002k,pos0002s,kn01r,ni05s

xxx0422z is a member of W:
	> getent group W
	W:x:16782751:xxx0422z

Did I at least understand the purpose of the different lists right?
Anyone with experience using these lists?

I don't think it matters, but the domain is a win2000SP1 domain; serverA
is just samba, no domain function. The groups are defined at domain
level, as the users are.

Any advice is appreciated.

Regards,
Alexander
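
Added example, not part of the original post: a small Python parser for the smbcacls listing quoted above that separates ACEs applying to the directory itself from inherit-only ones and lists who holds FULL on it. The function names are hypothetical, and it assumes the middle field is the ACE flags value printed in decimal (1 = object inherit, 2 = container inherit, 8 = inherit only); it reads only what smbcacls printed.

```python
import re

# ACE header flag bits; the listing is assumed to print the flags in decimal.
OBJECT_INHERIT, CONTAINER_INHERIT, INHERIT_ONLY = 0x1, 0x2, 0x8

# smbcacls output for the directory "Archive", copied from the post above.
SMBCACLS_OUTPUT = r"""
OWNER:serverA\vjuser
GROUP:serverA\vjusers
ACL:DOMAIN\W:ALLOWED/3/READ
ACL:DOMAIN\A:ALLOWED/3/FULL
ACL:DOMAIN\R:ALLOWED/3/READ
ACL:serverA\vjuser:ALLOWED/0/FULL
ACL:serverA\vjusers:ALLOWED/0/READ
ACL:\Everyone:ALLOWED/0/FULL
ACL:\CREATOR OWNER:ALLOWED/11/FULL
ACL:\CREATOR GROUP:ALLOWED/11/READ
ACL:\Everyone:ALLOWED/11/
"""

ACE_RE = re.compile(r"^ACL:(?P<who>.+):(?P<type>ALLOWED|DENIED)/(?P<flags>\d+)/(?P<mask>\w*)$")

def parse_aces(text):
    """Return one dict per 'ACL:' line; OWNER:/GROUP: lines are skipped."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue
        flags = int(m["flags"])
        aces.append({
            "who": m["who"], "type": m["type"], "mask": m["mask"] or "(none)",
            "inherit_only": bool(flags & INHERIT_ONLY),
            "inherits_to_children": bool(flags & (OBJECT_INHERIT | CONTAINER_INHERIT)),
        })
    return aces

def effective_on_directory(aces):
    """ACEs that apply to the directory itself; inherit-only ACEs do not."""
    return [a for a in aces if not a["inherit_only"]]

def full_control_trustees(aces):
    """Trustees with an ALLOWED/FULL entry that applies to the directory."""
    return sorted({a["who"] for a in effective_on_directory(aces)
                   if a["type"] == "ALLOWED" and a["mask"] == "FULL"})

if __name__ == "__main__":
    for a in parse_aces(SMBCACLS_OUTPUT):
        scope = "children only" if a["inherit_only"] else "this directory"
        print(f'{a["who"]:<22} {a["type"]:<8} {a["mask"]:<7} {scope}')
    print("FULL on directory:", full_control_trustees(parse_aces(SMBCACLS_OUTPUT)))
```

On the quoted listing this reports FULL on the directory for DOMAIN\A, serverA\vjuser and \Everyone, the last one matching the 777 mode bits.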

