[Samba] Optimal File Permissions for Shared Access Between Windows and Linux

Rowland Penny rpenny at samba.org
Fri Oct 25 09:09:38 UTC 2024


On Thu, 24 Oct 2024 15:55:41 +0200
Jonathan Szalavecz via samba <samba at lists.samba.org> wrote:

> I thought with the ACL it would be easier but it is the same
> nightmare :-(
> 
> 
> john_johnk at raspberrypi:~ $ getfacl /mnt/shared/partage_de_fichiers
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/shared/partage_de_fichiers
> # owner: john_johnk
> # group: sharedaccess
> # flags: -s-
> user::rwx
> group::rwx
> other::---
> default:user::rw-
> default:group::rw-
> default:group:sharedaccess:rw-
> default:mask::rw-
> default:other::---
> 
> 
> but when I create a file from DatabaseShare ...the group is wrong and
> I have the x execution which comes from nowhere :-(
> 
> 
> john_johnk at raspberrypi:~ $ ls -l /mnt/shared/partage_de_fichiers
> total 102120
> 
> -rw-rwx---+ 1 john_johnk john_johnk       73979 Oct 10  2016 'Facture RAM_2.pdf'
> -rw-rwx---+ 1 john_johnk john_johnk      125627 Dec  2  2021 'Facture Tennis RNS21.pdf'
> 

One of your problems is that you are using these paths for the shares:

/mnt/shared
/mnt/shared/partage_de_fichiers

So, anyone that needs to get into partage_de_fichiers has to traverse
/mnt/shared

I would have used:

/mnt/shared/nas
/mnt/shared/partage_de_fichiers

This would have led to /mnt/shared being owned by root:root with
'0755' permissions; this would then have given 'others' the right to
traverse to the required directory.

Then use the same ownership for the sub directories (which would
seemingly stop anyone writing to the directory), then use 'setfacl' to
give the USER the required permissions.

Rowland
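
An added example, not part of the original mail: a shell check for the traversal problem described above, plus the setfacl step. The function names are hypothetical, GNU stat is assumed, and the check reads mode bits only (it ignores ACL entries and assumes the user is neither owner nor group member of the parent directories).

```shell
#!/bin/sh
# Print the first directory between TOP and the parent of TARGET that
# 'others' cannot traverse (no o+x bit). Returns 0 if all are traversable,
# 1 if one is not, 2 on usage or stat errors.
first_untraversable() {
    top=${1%/}; target=${2%/}
    case "$target" in
        "$top"/*) ;;
        *) echo "target is not below top" >&2; return 2 ;;
    esac
    dir=${top:-/}
    rest=${target#"$top"/}
    while :; do
        mode=$(stat -c '%a' "$dir") || return 2
        # Last octal digit is the 'other' class; an odd digit includes x.
        other=${mode#"${mode%?}"}
        if [ $((other & 1)) -eq 0 ]; then
            printf '%s\n' "$dir"
            return 1
        fi
        case "$rest" in
            */*) dir=${dir%/}/${rest%%/*}; rest=${rest#*/} ;;
            *) return 0 ;;   # only the target itself is left
        esac
    done
}

# Give one user access to a share directory with an ACL instead of
# widening the mode bits. The mail names only 'setfacl'; rwx and the
# default (inherited) entry are assumptions of this example.
# Needs the acl tools and a filesystem mounted with ACL support.
grant_user_rwx() {
    share=$1; user=$2
    setfacl -m "u:$user:rwx" "$share" &&    # access ACL on the directory
    setfacl -d -m "u:$user:rwx" "$share"    # default ACL for new entries
}

# Usage (paths from the thread):
#   first_untraversable /mnt /mnt/shared/partage_de_fichiers
#   grant_user_rwx /mnt/shared/partage_de_fichiers john_johnk
```

`getfacl` on the share directory afterwards shows the added `user:` and `default:user:` entries.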
 


