[Samba] mode & mask

lejeczek peljasz at yahoo.co.uk
Fri Mar 30 07:16:51 MDT 2012


actually, is it normal that newly created content or copied
content, let's say folders, does not show anything in the
security tab in Windows?
I mean there are no ticks under either "Allow" or "Deny";
only after these security settings are changed from within
Windows do ticks appear (have checked if using setfacl does the
same)

On 30/03/12 13:33, Aaron E. wrote:
> you can set default permissions on the share folder using something
> like this..  setfacl -m default:group:gid:perms folder
> -- default perms are inherited..
>
> On 03/30/2012 07:29 AM, lejeczek wrote:
>> actually it gets even more weird, from my perspective at least
>> maybe it all works but not for empty folders
>> if there are no subfolders then everyone authenticated has full control,
>> can delete the folder
>> permissions seem to begin to apply as soon as some content ends up in the
>> folder
>>
>> but there is another thing
>>
>> test\
>>     testA
>>         test.txt
>>     testB
>>         test.txt
>>
>> if a user B was given, by means of a Windows client, 'Modify' permission
>> over testB and then this user creates test.txt in this testB folder,
>> then nobody has access to the file apart from listing it, cannot
>> open/read it
>>
>> testA remained intact, userA created testA and test.txt in it and
>> everybody can open/read test.txt
>>
>> it seems like at the point where Windows ACLs are added, by adding a
>> user/permission to the folder, a file newly created by that added user
>> gets a unix acl like this
>>
>> # file: testB\test.txt
>> # owner: my_Buser
>> # group: Domain\040Users
>> user::rwx
>> user:my_Buser:rwx
>> group::---
>> mask::rwx
>> other::---
>>
>> whereas testA\test.txt has no ACLs yet, in other words has:
>>
>> # owner: my_Auser
>> # group: Domain\040Users
>> user::rwx
>> group::r--
>> other::r--
>>
>>
>> how to tell samba to make it readable to the group, by default, at file
>> creation time?
>>
>> many thanks
>>
>>
>>
>>
>> On 30/03/12 11:30, lejeczek wrote:
>>> dear all
>>>
>>> trivial kind of question for which I do apologize, but it's sort of
>>> puzzling
>>>
>>> in a share when a windows client creates something samba sets it as
>>> 755, yet another user can still delete, in this case a folder
>>>
>>> which part of configuration fixes it so it would behave as expected?
>>>
>>> what I have by default is:
>>>
>>> acl check permissions = Yes
>>> acl group control = No
>>> acl map full control = Yes
>>> create mask = 0744
>>> force create mode = 00
>>> security mask = 0777
>>> force security mode = 00
>>> directory mask = 0755
>>> force directory mode = 00
>>> directory security mask = 0777
>>> force directory security mode = 00
>>> force unknown acl user = No
>>> inherit permissions = No
>>> inherit acls = No
>>> inherit owner = No
>>>
>>> cheers
>>>
>
>
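
An added example, not part of the original thread: the POSIX ACL access check applied to the two getfacl listings quoted above, showing why a group member can read testA\test.txt but not testB\test.txt, and what a named group entry (the kind of entry the suggested default ACL passes on to new files) changes. The user my_Cuser and the TEST_B_DEFAULT listing are constructed for illustration.

```python
import re

def parse_getfacl(text):
    """Parse getfacl output into owner, owning group and (tag, qualifier, perms) entries."""
    unesc = lambda s: re.sub(r"\\(\d{3})", lambda m: chr(int(m.group(1), 8)), s)
    acl = {"owner": None, "group": None, "entries": []}
    for line in map(str.strip, text.splitlines()):
        head = re.match(r"#\s*(owner|group):\s*(.+)", line)
        if head:
            acl[head.group(1)] = unesc(head.group(2))  # getfacl writes a space as \040
        elif line and not line.startswith("#"):
            tag, qual, perms = line.split(":")[:3]
            acl["entries"].append((tag, unesc(qual), set(perms[:3]) - {"-"}))
    return acl

def allowed(acl, user, groups, want):
    """POSIX ACL access check: is every permission in `want` granted to `user`?"""
    want = set(want)
    find = lambda tag, qual="": [p for t, q, p in acl["entries"] if (t, q) == (tag, qual)]
    mask = (find("mask") or [set("rwx")])[0]  # no mask entry: nothing is capped
    if user == acl["owner"]:
        return want <= find("user")[0]  # the owner entry is never masked
    if find("user", user):
        return want <= find("user", user)[0] & mask
    matched = [p for t, q, p in acl["entries"] if t == "group"
               and (q in groups or (q == "" and acl["group"] in groups))]
    if matched:  # once a group matches, "other" is not consulted
        return any(want <= p & mask for p in matched)
    return want <= find("other")[0]

TEST_B = r"""# file: testB\test.txt
# owner: my_Buser
# group: Domain\040Users
user::rwx
user:my_Buser:rwx
group::---
mask::rwx
other::---
"""  # ACL as posted in the thread
TEST_A = r"""# owner: my_Auser
# group: Domain\040Users
user::rwx
group::r--
other::r--
"""  # ACL as posted in the thread
# Constructed: TEST_B plus a named group entry such as a default ACL would hand down.
TEST_B_DEFAULT = TEST_B + r"group:Domain\040Users:r--" + "\n"

def can_read(text, user="my_Cuser", groups=("Domain Users",)):  # my_Cuser: hypothetical
    return allowed(parse_getfacl(text), user, groups, "r")
```

The `mask::rwx` line grants nothing by itself; it only caps named-user and group entries, so `group::---` together with `other::---` leaves the owner as the only reader.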

