[Samba] acl, no rights and possibility to delete files
Michael Heydon
michaelh at jaswin.com.au
Wed Feb 13 23:14:22 GMT 2008
Hervé Hénoch wrote:
> Hello,
>
> I've a samba 3.0.24 and a share in ext3 with acl.
>
> I've set the following permissions on a file a.txt:
>
> vssamba:/# getfacl /mnt/samba/partage/a.txt
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/samba/partage/a.txt
> # owner: herve
> # group: users
> user::rwx
> group::r--
> other::r--
>
> The rights for share "Partage" are :
>
> [partage]
> comment = blablabla
> path = /mnt/samba/partage
> public = yes
> writable = yes
> directory mask = 0744
> create mask = 0744
> security mask = 0744
> force security mode = 0
> directory security mask = 0744
> force directory security mode = 0
>
> BUT, a user in "others" can delete the file from Windows XP!!!!
> What have I missed?
>
What are the permissions on the parent directory?
Deleting a file doesn't require permission to write to the file; it is a
change to the directory...
~/test$ ls -la
total 8
drwxr-xr-x 2 user group 4096 2008-02-14 08:09 ./
drwxr-xr-x 17 user group 4096 2008-02-14 08:09 ../
~/test$ touch asdf
~/test$ chmod 000 asdf
~/test$ rm -f asdf
~/test$ touch asdf
~/test$ chmod 555 ./
~/test$ rm -f asdf
rm: cannot remove `asdf': Permission denied
~/test$ touch ./zxcv
touch: cannot touch `./zxcv': Permission denied
As you can see, removing all permissions from asdf doesn't prevent me
from deleting it (although I wouldn't be able to modify it); it is the
write permission on the parent directory that controls whether or not I
can create or delete files.
*Michael Heydon - IT Administrator *
michaelh at jaswin.com.au
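
An added example, not part of the original post: a small audit check that applies the reply's point by reading the parent directory's mode bits rather than the file's. It goes slightly beyond the post by also honouring the sticky bit, which restricts deletion to the owner of the file or of the directory. The function name other_can_delete is hypothetical, GNU stat (-c '%a') is assumed, and the directory and file in demo are constructed sample data.

```shell
#!/bin/sh
# Added example: can a user in the "other" class delete a file?
# The answer depends on the parent directory, never on the file's own mode.

# other_can_delete FILE
#   exit 0: a user who owns neither FILE nor its directory, and is not in the
#           directory's group, can delete FILE
#   exit 1: such a user cannot delete FILE
#   exit 2: the parent directory could not be inspected
other_can_delete() {
    local dir
    local mode
    dir=$(dirname -- "$1")
    # GNU stat prints the octal mode, e.g. 755 or 1777 (assumption: GNU coreutils)
    mode=$(stat -c '%a' -- "$dir") || return 2
    mode=$((0$mode))                      # leading 0: parse as octal
    # Removing a directory entry needs write (2) and search (1) on the directory
    [ $((mode & 03)) -eq 3 ] || return 1
    # Sticky bit (01000): only the file's or directory's owner may delete
    [ $((mode & 01000)) -eq 0 ] || return 1
    return 0
}

# Constructed demo: a file with mode 000 inside directories of varying modes.
demo() {
    local d
    local m
    d=$(mktemp -d) || return 1
    touch "$d/a.txt"
    chmod 000 "$d/a.txt"
    for m in 777 755 1777; do
        chmod "$m" "$d"
        if other_can_delete "$d/a.txt"; then
            echo "directory mode $m: other CAN delete a.txt (file mode 000)"
        else
            echo "directory mode $m: other cannot delete a.txt"
        fi
    done
    chmod 700 "$d"
    rm -rf -- "$d"
}

demo
```

Only the "other" bits are examined, so named-user or named-group ACL entries on the directory (visible with getfacl) still need a separate look.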