[Samba] Prevent Samba clients from changing group ownership?
v1twoz at nottheoilrig.com
Thu Jun 7 10:32:24 MDT 2012
On 06/06/12 01:35 AM, Jonathan Buzzard wrote:
> On Wed, 2012-06-06 at 06:47 +0000, Dirk Traenapp wrote:
>> With this configuration i can force every new folder or file belonging
>> to default-group of the parent folder.
> But won't stop me *changing* the ownership of file or folder.
Right, and thanks for all the advice. We want the group ownership of all
files and folders in a particular directory to be "www-data", so we used
"chmod g+s" on the directory. This seems to work well for many Samba
clients, but we notice that the group ownership of files created or
edited by some Samaba clients is the default group of the user, not
"www-data". The client is (at least one version of) Mac OS X
I assume what is happening is that the "g+s" permission on the directory
is respected when files are created, but that clients are able to change
the group ownership of files, and this is what the Mac OS X client is doing?
It sounds like the only way to prevent clients from changing group
ownership is with rich permissions (which I haven't checked out yet) and
disabling Unix extensions
More information about the samba