[Samba] mode & mask

Aaron E. ssureshot at gmail.com
Fri Mar 30 06:33:52 MDT 2012


You can set default permissions on the share folder using something like
this:

    setfacl -m default:group:gid:perms folder

Default perms are inherited.

On 03/30/2012 07:29 AM, lejeczek wrote:
> actually it gets even more weird, from my perspective at least
> maybe it all works but not for empty folders
> if there are no subfolders then everyone authenticated has full control,
> can delete the folder
> permissions seem to begin to apply as soon as some content ends up in the
> folder
>
> but there is another thing
>
> test\
>     testA
>         test.txt
>     testB
>         test.txt
>
> if a user B was given, by means of a Windows client, 'Modify' permission
> over testB and then this user creates test.txt in this testB folder,
> then nobody has access to the file apart from listing it, cannot
> open/read it
>
> testA remained intact, userA created testA and test.txt in it and
> everybody can open/read test.txt
>
> it seems like at the point where windows acl are added, by adding a
> user/permission to folder, that newly created file by that added user
> gets unix acl like this
>
> # file: testB\test.txt
> # owner: my_Buser
> # group: Domain\040Users
> user::rwx
> user:my_Buser:rwx
> group::---
> mask::rwx
> other::---
>
> whereas testA\test.txt has no ACLs yet, in other words has:
>
> # owner: my_Auser
> # group: Domain\040Users
> user::rwx
> group::r--
> other::r--
>
>
> how to tell samba to make it readable to the group, by default, at file
> creation time?
>
> many thanks
>
>
>
>
> On 30/03/12 11:30, lejeczek wrote:
>> dear all
>>
>> trivial kind of question for which I do apologize, but it's sort of
>> puzzling
>>
>> in a share when a windows client creates something samba sets it as
>> 755, yet another user can still delete, in this case a folder
>>
>> which part of configuration fixes it so it would behave as expected?
>>
>> what I have by default is:
>>
>> acl check permissions = Yes
>> acl group control = No
>> acl map full control = Yes
>> create mask = 0744
>> force create mode = 00
>> security mask = 0777
>> force security mode = 00
>> directory mask = 0755
>> force directory mode = 00
>> directory security mask = 0777
>> force directory security mode = 00
>> force unknown acl user = No
>> inherit permissions = No
>> inherit acls = No
>> inherit owner = No
>>
>> cheers
>>
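
Added example, not part of either poster's message and not Samba code: a small Python model of the POSIX ACL access check and default-ACL inheritance from acl(5), run on the two ACLs quoted above and on a directory given a default group entry in the spirit of the setfacl suggestion. The contents of the default ACL and the 0744 creation mode (the quoted `create mask` value) are assumptions.

```python
# Model of the acl(5) rules behind the getfacl output quoted in the thread.
R, W, X = 4, 2, 1
GROUP = r"Domain\040Users"  # group name as it appears in the quoted getfacl output

def parse(text):
    """Turn getfacl-style 'tag:qualifier:perms' entries into {(tag, qualifier): bits}."""
    acl = {}
    for entry in text.split():
        tag, qualifier, perms = entry.split(":")
        acl[(tag, qualifier)] = sum(b for ch, b in zip(perms, (R, W, X)) if ch != "-")
    return acl

def may(acl, want, user, groups, owner, owning_group):
    """Access check from acl(5): owner, named user, group class, then other."""
    mask = acl.get(("mask", ""), R | W | X)
    if user == owner:
        return (acl[("user", "")] & want) == want
    if ("user", user) in acl:
        return (acl[("user", user)] & mask & want) == want
    matched = [p for (tag, q), p in acl.items()
               if tag == "group" and (q in groups or (q == "" and owning_group in groups))]
    if matched:  # a matching group entry decides; 'other' is never consulted
        return any((p & mask & want) == want for p in matched)
    return (acl[("other", "")] & want) == want

def inherit(default_acl, mode):
    """Access ACL of a new file: the parent's default ACL limited by the creation mode."""
    acl = dict(default_acl)
    acl[("user", "")] &= (mode >> 6) & 7
    acl[("other", "")] &= mode & 7
    limited = ("mask", "") if ("mask", "") in acl else ("group", "")
    acl[limited] &= (mode >> 3) & 7
    return acl

# ACLs copied from the quoted getfacl output.
TEST_B = parse("user::rwx user:my_Buser:rwx group::--- mask::rwx other::---")
TEST_A = parse("user::rwx group::r-- other::r--")
# Constructed: default ACL on testB after adding a default group entry (assumption).
FIXED_DEFAULT = parse("user::rwx group::--- group:" + GROUP + ":r-x mask::r-x other::---")
NEW_FILE = inherit(FIXED_DEFAULT, 0o744)  # 0744 = quoted 'create mask' (assumption)

if __name__ == "__main__":
    print("my_Auser reads testB/test.txt:", may(TEST_B, R, "my_Auser", {GROUP}, "my_Buser", GROUP))
    print("my_Buser reads testA/test.txt:", may(TEST_A, R, "my_Buser", {GROUP}, "my_Auser", GROUP))
    print("my_Auser reads new file under default ACL:",
          may(NEW_FILE, R, "my_Auser", {GROUP}, "my_Buser", GROUP))
```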



