[Samba] samba 3.2.5 + ACLs - read/write permission become read only
Axel Werner
mail at awerner.homeip.net
Tue May 24 06:55:24 MDT 2011
Hi TAKAHASHI and thanks for your reply.
well, what do u think? Is that a "feature" or a bug?
and where to file/report this "problem" to?
Should i report that thing to the samba bug tracker for more investigation?
greetings
Axel
Am 23.05.2011 18:03, TAKAHASHI Motonobu schrieb:
>
> As far as I examined at Samba 3.5.6 self-compiled on Lenny and ACLs
> were set:
>
> # file: aclshare3/
> # owner: root
> # group: root
> user::---
> group::rwx <---- owner group permission
> group:aclshare3rw:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::rwx
> default:group:aclshare3rw:rwx
> default:mask::rwx
> default:other::---
>
> [aclshare3]
> path = /some/where/aclshare3
> writeable = yes
>
> force group = root
> inherit permissions = yes
> ; inherit owner = yes
>
> store dos attributes = yes
> map archive = no
> map read only = no
>
>
> Actually the owner group permission works as "mask" value. When I set:
>
> # setfacl -m m:rwx,g::--- aclshare3/
>
> then no user can access to aclshare3 directory and when I set:
>
> # setfacl -m m:rwx,g::r-x aclshare3/
>
> then no user can write to aclshare3 directory.
>
>
> Anyway, I recommend that root always have rwx on files when you use
> POSIX ACL to control access like:
>
> 1) chown root; chgrp root
> 2) chmod g+rwx; setfacl -m g::rwx; setfacl -d -m g::rwx
> 3) set "force group = root"
>
> ---
> TAKAHASHI Motonobu <monyo at samba.gr.jp>
More information about the samba
mailing list