[Samba] Optimal File Permissions for Shared Access Between Windows and Linux
Rowland Penny
rpenny at samba.org
Fri Oct 25 09:09:38 UTC 2024
On Thu, 24 Oct 2024 15:55:41 +0200
Jonathan Szalavecz via samba <samba at lists.samba.org> wrote:
> I thought with the ACL it would be easier but it is the same
> nightmare :-(
>
>
> john_johnk at raspberrypi:~ $ getfacl /mnt/shared/partage_de_fichiers
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/shared/partage_de_fichiers
> # owner: john_johnk
> # group: sharedaccess
> # flags: -s-
> user::rwx
> group::rwx
> other::---
> default:user::rw-
> default:group::rw-
> default:group:sharedaccess:rw-
> default:mask::rw-
> default:other::---
>
>
> but when I create a file from DatabaseShare ...the group is wrong and
> I have the x execution which comes from nowhere :-(
>
>
> john_johnk at raspberrypi:~ $ ls -l /mnt/shared/partage_de_fichiers
> total 102120
>
> -rw-rwx---+ 1 john_johnk john_johnk 73979 Oct 10 2016 'Facture
> RAM_2.pdf'
> -rw-rwx---+ 1 john_johnk john_johnk 125627 Dec 2 2021 'Facture
> Tennis RNS21.pdf'
>
One of your problems is that you are using these paths for the shares:
/mnt/shared
/mnt/shared/partage_de_fichiers
So, anyone that needs to get into partage_de_fichiers has to traverse
/mnt/shared
I would have used:
/mnt/shared/nas
/mnt/shared/partage_de_fichiers
This would have led to /mnt/shared being owned by root:root with
'0755' permissions, this would then have given 'others' the right to
traverse to the required directory.
Then use the same ownership for the sub directories (which would
seemingly stop anyone writing to the directory), then use 'setfacl' to
give the USER the required permissions.
Rowland
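
The traversal point in the reply above can be checked mechanically. This is an added example, not code from the thread: it rebuilds the directory names from the post under a temporary directory and reports which parent directories deny 'other' the execute (traverse) bit. The function names and the 0770 mode used for the restricted case are assumptions (the post does not show the mode of /mnt/shared), and only classic mode bits are read, not named ACL entries.

```python
import os
import stat
import tempfile
from pathlib import Path


def build_layout(base: Path, shared_mode: int) -> Path:
    """Recreate the thread's tree under base (constructed sample, no root needed)."""
    shared = base / "mnt" / "shared"
    share = shared / "partage_de_fichiers"
    share.mkdir(parents=True)
    (shared / "nas").mkdir()
    os.chmod(base / "mnt", 0o755)
    os.chmod(share, 0o2770)        # setgid, other::--- as in the getfacl output
    os.chmod(shared, shared_mode)  # the directory everyone has to pass through
    return share


def blocked_ancestors(share: Path, base: Path) -> list[tuple[str, str]]:
    """List directories between base and share that 'other' cannot traverse.

    Only the classic mode bits are read; named ACL entries are not evaluated.
    """
    base, share = base.resolve(), share.resolve()
    blocked = []
    current = base
    for part in share.relative_to(base).parts[:-1]:
        current = current / part
        mode = stat.S_IMODE(current.stat().st_mode)
        if not mode & stat.S_IXOTH:  # no o+x: 'other' cannot pass through
            blocked.append((current.relative_to(base).as_posix(), f"{mode:04o}"))
    return blocked


if __name__ == "__main__":
    # Assumed 0770 for the restricted case; 0755 is the mode suggested in the reply.
    for label, mode in (("restricted parent", 0o770), ("0755 parent", 0o755)):
        with tempfile.TemporaryDirectory() as tmp:
            share = build_layout(Path(tmp), mode)
            print(label, "->", blocked_ancestors(share, Path(tmp)) or "traversable")
```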