rpenny at samba.org
Fri Dec 16 16:23:55 UTC 2022
On 16/12/2022 15:53, Piviul via samba wrote:
> On 12/16/22 14:18, Rowland Penny via samba wrote:
>> On 16/12/2022 13:01, Piviul via samba wrote:
>>> I need to share a folder in a way that some groups members have write
>>> permissions to the share and some other groups members can only read
>>> files on the share, the others members can't access at all.
>>> I don't care about acl, all files/directory in the share should have
>>> the same access. Do you think that disabling acls in a such way
>>> vfs objects = acl_xattr
>>> acl_xattr:ignore system acls = yes
>>> valid users = <read groups list>,<write group list>
>>> read list = <read groups list>
>>> write list = <write group list>
>>> force group = staff
>>> create mask = 0664
>>> force create mode = 0664
>>> directory mask = 0775
>>> force directory mode = 2775
>>> would be a good idea
>> Well, NO
>> You only need the 'vfs objects' line in '[global]' and the path and
>> 'read only = no' in the share, you then set the permissions from Windows.
>> if you do add 'acl_xattr:ignore system acls = yes' , it does what it
>> says, Samba will ignore the system acls.
>> I suggest you read 'man vfs_acl_xattr' and this wiki page:
>> If you want to set up Samba as you suggest, only do it on a Unix
>> domain member and do not set 'vfs objects = acl_xattr'.
> there is no way, I can't ignore windows acl I have to use them... ok,
> I'll try to use them.
If you use vfs_acl_xattr, then the permissions are set in three places:
The standard 'ugo' permissions
An EA that holds the extended permissions that 'getfacl' shows
Another EA that holds the Windows ACL's, these are composed of ACE's.
If you use 'acl_xattr:ignore system acls = yes', the first one is ignored.
More information about the samba