[Samba] Standalone server and POSIX ACL issues (new one)
subscriptions
subscriptions at renuecomputers.com
Fri Aug 9 20:32:51 UTC 2019
On 8/9/19 3:18 PM, Yvan Masson via samba wrote:
> Hi list,
>
> For testing purpose, I am running a standalone Samba 4.9.5 on Debian
> with the following smb.conf:
>
> [global]
> server role = standalone server
> map to guest = Bad User
> guest account = nobody
>
> [test]
> path = /home/yvan/Partage/share
> guest ok = yes
> writable = yes
> inherit acls = yes
>
>
> I want "bob", "alice" and guest user to have full access to all files
> in this share, so I made /home/yvan/share with the following ACL:
> $ getfacl share
> # file: share
> # owner: root
> # group: root
> user::rwx
> user:bob:rwx
> user:alice:rwx
> user:nobody:rwx
> group::r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:bob:rwx
> default:user:alice:rwx
> default:user:nobody:rwx
> default:group::---
> default:mask::rwx
> default:other::---
>
>
> I have two issues with this setup that I could not solve after many
> hours:
>
> 1. I can mount the share as guest but then can't read its content,
> although local access works fine (for example with `$ sudo -u nobody
> touch /home/yvan/share/foo`).
>
> 2. If user "bob" or "alice" creates a directory or a file, ACL mask is
> not "rwx" but "r-x" for directories and "r--" for files (which
> restricts effective rights). All other ACL are correct. Note that when
> creating files or directories locally, ACL mask is properly setup to
> "rwx".
>
> Any idea is really welcome !
>
> Best regards,
> Yvan
>
Yvan,
What I do is create two groups. First group has full access. The other
group have the normal permissions besides Bob and Alice.
I think it gives you better control over the users. They come and go so
its easier to drop them from and group and add them to another.
IMHO
More information about the samba
mailing list