[Samba] Extended ACL stealing ownership on 3.2.7

Harry Jede walk2sun at arcor.de
Fri Feb 6 09:49:24 GMT 2009


Hi Gavin,

> Hi all,
>
> After setting permissions on a file. If anyone authorised to open the
> file writes to it, the ACL gets deleted and that person becomes the
> owner of the file and the group is reset to the default.
That may be OK, because some apps create a .tmp file before saving, then delete the original file and finally rename the .tmp file to the original filename.

And what permissions have you set on the share?

> For example, 
> whenever a certain user opens and changes a file in the problem
> folder he becomes the owner and another gets kicked off the list:
>
> More clearly, lee was the last one to write to this spreadsheet:
>
> getfac example.xls
> # file: example.xls
> # owner: joe
> # group: testgroup
> user::rwx
> user:graham:r-x
> user:julia:r-x
> user:lee:rwx
> user:paul:r-x
> group::r--
> mask::rwx
> other::r--
>
> How do I keep rwx on all the additional users, as they all aren't
> part of the "testgroup" group.
Try this:

Create a group for the Users who should write to this directory:

name: mygroup
member: graham, julia, paul

!!! parent directory !!!:
# owner: root
# group: testgroup
user::rwx
group::r--
mask::rwx
other::r--
group:domainadmins:rwx
group:mygroup:rwx
default:user::rwx
default:group::r--
default:group:domainadmins:rwx
default:group:mygroup:rwx
default:mask::rwx
default:other::r--

And now create a file in this directory or share and check the effective 
rights from a Windows XP client.

I have not tested this setup. But I am sure you get the right 
direction. 

The ACL entries beginning with "default" are the rights for newly created 
directories and files.

Avoid setting rights in the share definition, at least for testing this.


>
> Thanks.

-- 

Gruss
	Harry Jede
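
Added example, not part of the original message: a Python model of the POSIX ACL inheritance rule (acl(5)) behind the "default" entries in the parent-directory listing, showing that a file created fresh in the directory (as a save-via-.tmp-and-rename does) takes its ACL from those entries, capped by the mode it is created with. The create modes 0666 and 0644 are constructed sample values, and all function names are illustrative.

```python
# Added example: models how a new file's access ACL is derived from the
# parent directory's default ACL (rules as described in acl(5)).
PARENT_DEFAULT_ACL = """\
default:user::rwx
default:group::r--
default:group:domainadmins:rwx
default:group:mygroup:rwx
default:mask::rwx
default:other::r--
"""  # copied from the parent-directory listing in the message

def parse_default(listing):
    """Return (tag, qualifier, perms) for each 'default:' entry."""
    return [tuple(l.strip()[len("default:"):].split(":"))
            for l in listing.splitlines() if l.strip().startswith("default:")]

def bits(perms):
    return sum(v for c, v in zip(perms, (4, 2, 1)) if c != "-")

def rwx(n):
    return "".join(c if n & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def inherit(default_entries, create_mode):
    """Access ACL of a new file: the default entries, with the owner,
    group-class (mask) and other entries limited to the create_mode bits."""
    has_mask = any(tag == "mask" for tag, _, _ in default_entries)
    acl = []
    for tag, qual, perms in default_entries:
        p = bits(perms)
        if tag == "user" and not qual:
            p &= create_mode >> 6          # owner bits of the mode
        elif tag == "mask" or (tag == "group" and not qual and not has_mask):
            p &= create_mode >> 3          # group-class bits land on the mask
        elif tag == "other":
            p &= create_mode               # other bits of the mode
        acl.append((tag, qual, rwx(p & 7)))
    return acl

def effective(acl, tag, qual):
    """Named users and all group entries are capped by the mask."""
    perms = {(t, q): bits(p) for t, q, p in acl}
    p = perms[(tag, qual)]
    if (tag, qual) not in (("user", ""), ("other", "")) and ("mask", "") in perms:
        p &= perms[("mask", "")]
    return rwx(p)

if __name__ == "__main__":
    for mode in (0o666, 0o644):  # constructed sample create modes
        acl = inherit(parse_default(PARENT_DEFAULT_ACL), mode)
        print(oct(mode), acl, "mygroup effective:", effective(acl, "group", "mygroup"))
```

With a restrictive create mode the inherited mask drops to r--, so group:mygroup:rwx is still listed by getfacl but grants only read access.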

