[Samba] Samba and POSIX ACLs
h.reindl at thelounge.net
Sat Aug 13 10:48:18 UTC 2016
Am 12.08.2016 um 19:40 schrieb Jeremy Allison:
> On Fri, Aug 12, 2016 at 07:27:00PM +0200, Reindl Harald via samba wrote:
>> Am 12.08.2016 um 18:57 schrieb Jeremy Allison via samba:
>>> On Fri, Aug 12, 2016 at 11:20:47AM -0500, Sergei Gerasenko via samba wrote:
>>>> It looks like this is a long known issue:
>>> If by long known you mean "as designed". As Samba supports
>>> ACL setting on files/directories we don't restrict what
>>> happens to them after creation.
>>> For creation you can set "create mask" and "directory mask"
>>> but the client can change it afterwards
>> well, an option to igore that clients wish (and the same for the
>> normal unix permissions) would be nice because Apple stuff tends to
>> trying be smarter than the admin which knows how permissions have to
>> look like so that all users which needs access have it
>> and that is often *exatly* as the sharepoint with no exception
>> because access to shares is granted by asign users to specific
> We used to have that. Was called "security mask" and "directory
> security mask". It got removed as there was no way to differentiate
> between the "create" action and "modify permissions" action at
> the level below the VFS
how can that be?
i mean there is obviously a difference and samba is losing track if it's
now reating a new file or modify a existing one?
that permissions/acl stuff is *a real* problem for many setups when a
idiotic client is changing the permissions of a shared document, the
person goes to vacation and other team members no longer have write access
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: OpenPGP digital signature
More information about the samba