[Samba] Permissions and security
Walter Mautner
walter.mautner at reflex.at
Tue May 26 10:09:00 GMT 2009
Am Dienstag 26 Mai 2009 11:13:13 schrieb Dennis Duggen:
> Hi list
>
> I have trouble setting up the system permissions to be secure. Here my
> basic setup.
>
> 2 groups: users and staff
>
> /home/user should have the permissions user:users rwx------
> /mnt/staff should have the permissions user:staff rwxrwx---
> For the last one users should'nt have access.
>
> I test with fx.: user=staffuser, primarygroup: users, member of group:
> staff
>
> If i setup the permissions to the above suggested i can create files but
> can't change them. So it seems i have the right permissions to create
> files but afterwards i don't. The files are created with the right
> permissions, username and group: staffuser:staff.
> So why can't the staffuser who is in the staff group access the files
> after initial creation.
>
You did look at the permissions the files had in the directory after they have
been created by staffuser?
I *suppose* the staffuser has the default umask of 022 which means no write
permissions for group "staff" ... and since the parent directory belongs to
"user", not "staffuser", no permission to modify/delete.
We still don't know if you have applied some "force create ..." stanzas to the
share in smb.conf or other directives to modify permissions.
More information about the samba
mailing list