[Samba] Standalone Samba and group permission

Erik van Linstee erik at vanlinsteeict.nl
Mon Sep 6 12:46:58 MDT 2010


Hi,

I have been experimenting and googling without finding so much as a hint to what I am doing wrong.

I have a Samba server (Ubuntu 10.04) set up for standalone usage.
I have Posix ACL's enabled on my filesystem, and a directory with the following permissions:

# file: beheer/
# owner: beheerder
# group: users
user::rwx
user:clamav:r-x
user:beheerder:rwx
group::---
group:users:---
mask::rwx
other::---
default:user::rwx
default:user:clamav:r-x
default:user:beheerder:rwx
default:group::---
default:mask::rwx
default:other::---

The intention is that only the owner can use this directory and no one else, not even group members. The ACL confirms that group members have no access, I have even explicitly named the owner group with no rights. Others have no rights either.

Yet, everyone who is a member of the group users can change to this directory and create files in it. It does not matter if they connect with a Windows machine or a Linux one.

Once I change the group owner to some group the other users are not a member of, their access is denied as expected, but when I make them a member of that group, they regain access, even though group owner access is still set to ---.

I must be overlooking something, but what?

Hope anyone can help.

regards,
Erik

---

  ir. E.J.P. (Erik) van Linstee

  Van Linstee ICT


More information about the samba mailing list