Re: mode & mask

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



actually, is it normal that newly created content or copied content, lets say folders, do not show anything in the security tab in windows,
I mean there are not ticks under neither "Allow" nor "Deny"
only after these security setting are changed from within windows ticks appear (have checked if using setfacl does the same)

On 30/03/12 13:33, Aaron E. wrote:
you can set default permissions on the share folder using something like this.. setfacl -m default:group:gid:perms folder -- default perms are inherited..

On 03/30/2012 07:29 AM, lejeczek wrote:
actually it gets even more weird, from my perspective at least
maybe it all works but not for empty folders
if there are no subfolders then everyone authenticated has full control,
can delete the folder
permissions seem to begin to apply as soon as some content ends up the
folder

but there is another thing

test\
testA
test.txt
testB
test.txt

if a user B was given, with means of windows client, 'Modify' permission over testB and then this user creates test.txt in this testB folder, then nobody has access to the file apart from listing it, cannot
open/read it

testA remained intact, userA created testA and test.txt in it and
everybody can open/read test.txt

it seems like at the point where windows acl are added, by adding a user/permission to folder, that newly created file by that added user
gets unix acl like this

# file: testB\test.txt
# owner: my_Buser
# group: Domain\040Users
user::rwx
user:my_Buser:rwx
group::---
mask::rwx
other::---

whereas testA\test.txt has no ACLs yet, in other words has:

# owner: my_Auser
# group: Domain\040Users
user::rwx
group::r--
other::r--


how to tell samba to make it readable to the group, by default, at file
creation time?

many thanks




On 30/03/12 11:30, lejeczek wrote:
dear all

trivial kind of question for which I do apologize, but it's sort of
puzzling

in a share when a windows client creates something samba sets it as 755, yet another user can still delete, in this case a folder

which part of configuration fixes it so it would behave as expected?

what I have by default is:

acl check permissions = Yes
acl group control = No
acl map full control = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = No
inherit permissions = No
inherit acls = No
inherit owner = No

cheers



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Linux]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [Internet Dating Forums]     [RAID]     [Yosemite News]     [Photography]

Add to Google Powered by Linux