[Samba] Extended ACL stealing ownership on 3.2.7
Harry Jede
walk2sun at arcor.de
Fri Feb 6 09:49:24 GMT 2009
Hi Gavin,
> Hi all,
>
> After setting permissions on a file. If anyone authorised to open the
> file writes to it, the ACL gets deleted and that person becomes the
> owner of the file and the group is reset to the default.
That may be OK,
because some apps
create a .tmp file before saving,
then delete the original file
and last rename the .tmp file to the orinial filename.
And what permissions have you set on the share?
> For example,
> whenever a certain user opens and changes a file in the problem
> folder he becomes the owner and another gets kicked of the list:
>
> More clearly, lee was the last one to write to this spreadsheet:
>
> getfac example.xls
> # file: example.xls
> # owner: joe
> # group: testgroup
> user::rwx
> user:graham:r-x
> user:julia:r-x
> user:lee:rwx
> user:paul:r-x
> group::r--
> mask::rwx
> other::r--
>
> How do I keep rwx on all the additional users, as they all aren't
> part of the "testgroup" group.
Try this:
Create a group for the Users who should write to this directory:
name: mygroup
member: graham, julia, paul
!!! parent directory !!!:
# owner: root
# group: testgroup
user::rwx
group::r--
mask::rwx
other::r--
group:domainadmins:rwx
group:mygroup:rwx
default:user::rwx
default:group::r--
default:group:domainadmins:rwx
default:group:mygroup:rwx
default:mask::rwx
default:other::r--
And now create a file in this directory or share and check the effective
rights from a Windows XP Client
I have not testet this setup. But I am shure you get the right
direction.
The acl entries beginning with "default" are the rights for new created
directories and files.
Avoid setting rights in the share definition, at least for testing this.
>
> Thanks.
--
Gruss
Harry Jede
More information about the samba
mailing list