[Samba] Root cannot delete files through samba share
Dale Schroeder
dale at BriannasSaladDressing.com
Wed Nov 14 11:35:19 MST 2012
What does the [global] config look like?
On 11/14/2012 8:55 AM, Amanda Gomes wrote:
>
> David, thanks again.
>
> As previously mentioned, I can not allow the file owner erase what
> he created in the folder, so I apply the "create mask = 0555" in the
> first option.
>
> Dale, thanks for the response.
>
> I tried to use this option you suggested - "admin users", but even
> so, I can not do that only users in the group that I want to be able
> to delete the files. I can not understand whether it is a samba
> problem, but the root can delete through samba, only when the file
> owner has full permission on it. Configuration is not valid for my
> environment.
>
>
> Below, I'll put the full configuration of my environment:
>
> Settings on the Shared Folder:
>
> / mnt / storage / MEDIA
>
> -> Chmod 777 / mnt / storage / MEDIA /
> -> Chown Master_User "supervisors" / mnt / storage / MEDIA /
>
> SAMBA settings:
>
> [MEDIA]
> path = / mnt / storage / MEDIA
> browseable = yes
> writable = yes
> group = force "supervisors"
> admin users = Master_User, @ supervisors
> create mask = 0575
> force create mode = 0575
>
>
> When a file is created by the user "user1", this is with the
> following settings within the folder:
>
> -r-xrwxr-x 1 user1 supervisors 0 Nov 14 12:36 File.txt
>
>
> OK ... Only the group has full permissions on the file! That is,
> theoretically also master_User (master_user belongs to supervisors).
> But neither master_user or root can delete trhough samba.
>
>
> I know someone explain why neither the root can not delete trhough
> samba independent of any configuration?
>
> Guys, thank you once again for your help.
> Hugs.
>
>
>
>
> 2012/11/13 Dale Schroeder <dale at briannassaladdressing.com
> <mailto:dale at briannassaladdressing.com>>
>
> Amanda,
>
> You can elevate a user's privileges by using the "admin users"
> parameter, e.g., "admin users = user1, @group2"
> Also, I believe the syntax in your second option should be ==>
> "force group = supervisors" if you wish to go that route.
>
> Dale
>
>
>
> On 11/12/2012 3:44 PM, Amanda Gomes wrote:
>
> Dear,
>
>
> We are integrating Samba with Active Directory in the
> company. The goal
> is to provide a samba share to users of AD. In this case, we
> need all users
> to write on the share, but nobody modify or delete any files.
> Even the user
> who owns it.
> With this, we would create only one AD user, if necessary
> with root
> powers, which could erase everything.
> For this, we test several lines, such as the samba
> permissions, acls,
> sticky bit, but nothing met our needs.
> I am now trying to make that an AD user has the same root
> privileges.
> Working with the following configuration:
>
>
> [MEDIA]
> path = / mnt / storage / MEDIA
> browseable = yes
> writable = yes
> create mask = 0555
>
> After writing the share, no one can erase. But not even
> the root logging
> via samba, can erase. Only the machine itself. Anyone can
> explain why?
>
> Another option would be:
>
>
> [MEDIA]
> path = / mnt / storage / MEDIA
> browseable = yes
> writable = yes
> group = force "supervisors"
> create mask = 0570
>
> With this setting, the goal would be that users write in
> the share and
> the files were to become the group supervisors, and only users
> belonging to
> this group be able to erase. But this setup also failed.
>
> Does anyone know how I could implement this? The why these
> settings do
> not work out?
>
>
> Thank you!
> Amanda Gomes.
>
>
>
>
More information about the samba
mailing list