Jack Bates
2012-May-30 05:21 UTC
[Samba] Prevent Samba clients from changing group ownership?
How can I prevent Samba clients from changing the group ownership of files? With the security mask parameter I can prevent Samba clients from changing some permission bits, but I can't find a parameter to prevent changing the group ownership
Jeremy Allison
2012-Jun-05 16:46 UTC
[Samba] Prevent Samba clients from changing group ownership?
On Tue, May 29, 2012 at 10:21:23PM -0700, Jack Bates wrote:> How can I prevent Samba clients from changing the group ownership of files? > > With the security mask parameter I can prevent Samba clients from > changing some permission bits, but I can't find a parameter to > prevent changing the group ownershipI don't think we currently can do this.
Dirk Traenapp
2012-Jun-06 06:47 UTC
[Samba] Prevent Samba clients from changing group ownership?
Hi, do i understand you correctly that you have a folder/share with a preferred default group and all users have a different default group for themselves and you need that all files in the destination folder of the share belongs to the default group of the folder and not the user? If this is the goal you can do this whith g+s on the folder. We do this for our workgroupshares. Example: =======Our share for all workgroups in the company in smb.conf [zdv] path = /mnt/share/zdv valid users = @dom?nen-benutzer, @dom?nen-admins read only = No directory mask = 0770 create mask = 0770 guest ok = false inherit acls = Yes inherit permissions = No hide unreadable = Yes Now the UNIX-Rights for some of the folders: [root at file1 zdv]# ll -d *BD* drwxrws---+ 5 root nwo-bd-leiter 4096 21. Feb 08:31 NWO-BD-Leiter drwxrws---+ 79 root nwo-bd 4096 6. Jun 08:23 NWO-BD .. and the ACL's [root at file1 zdv]# getfacl NWO-BD # file: NWO-BD # owner: root # group: nwo-bd user::rwx group::rwx group:dom?nen-admins:rwx group:nwo-bd:rwx group:nwo-b-leiter:rwx group:nwo-bd-leiter:rwx group:ausbildung-bd:rwx mask::rwx other::--- default:user::rwx default:group::rwx default:group:dom?nen-admins:rwx default:group:dom?nen-benutzer:rwx default:group:nwo-bd:rwx default:group:nwo-b-leiter:rwx default:group:nwo-bd-leiter:rwx default:group:ausbildung-bd:rwx default:mask::rwx default:other::r-x That is my user: [root at file1 NWO-BD]# id tr uid=2103(tr) gid=1513(dom?nen-benutzer) Gruppen=1513(dom?nen-benutzer),2418(dcapturebatch),2120(nwo-bd),2427(estos-user),2417(gis-user),2157(nwo-b),2191(nwo-bd-leiter) With this configuration i can force every new folder or file belonging to default-group of the parent folder. Mit freundlichen Gr??en / Kind regards Dirk Traenapp Datenverarbeitung Nord-West Oelleitung GmbH Zum ?lhafen 207 26384 Wilhelmshaven Tel: +49 (0)4421 62-364 Fax: +49 (0)4421 62-221 Mobil: +49 (0)160 90522467 Web: www.nwowhv.de -------------------------------------------------------------------------------- Gesch?ftsf?hrer: Dr.-Ing. J?rg Niegsch, Wilhelmshaven - Lars Bergmann, Hamburg | Eingetragen beim Amtsgericht Oldenburg unter HRB 130002