After parsing through the various bits of available documentation, I'm
forced to bow before the group and ask the following Silly User Question:
While I can create and set NT ACLs on files/folder, anything in the root of
the share can be deleted by any user who has access to that share. I've
munged something in my file permissions. What /should/ the file permissions
for a root share directoy be set to, and who should own it - root, a created
'samba' user..?
Ex:
[backup]
path = /mnt/share/backup
valid users = @"DEAD\Puppies"
read only = No
What UNIX account should own /mnt/share/backup, and what should the UNIX
file permissions be set to?
Thanks,
Chris
-------------- next part --------------
HTML attachment scrubbed and removed
If you don't want anyone to write to it then set root as the owner and chmod
it 644 or something similar.
Let me know if you need anything else,
Josh
-----Original Message-----
From: Sorisio,Chris [mailto:ChrisSorisio@PeakTechnical.com]
Sent: Thursday, August 01, 2002 3:05 PM
To: 'samba@lists.samba.org'
Subject: [Samba] SUQ: Share permissions
After parsing through the various bits of available documentation, I'm
forced to bow before the group and ask the following Silly User Question:
While I can create and set NT ACLs on files/folder, anything in the root of
the share can be deleted by any user who has access to that share. I've
munged something in my file permissions. What /should/ the file permissions
for a root share directoy be set to, and who should own it - root, a created
'samba' user..?
Ex:
[backup]
path = /mnt/share/backup
valid users = @"DEAD\Puppies"
read only = No
What UNIX account should own /mnt/share/backup, and what should the UNIX
file permissions be set to?
Thanks,
Chris
-------------- next part --------------
HTML attachment scrubbed and removed
Well, I want anyone to be able to write to it, but I want it to also obey NT
ACLs.
Example:
I have my root share, /mnt/share/test
Anyone should be able to create a directory under /mnt/share/test via NT
Explorer. However, they should also be able to lock that directory so that
only they can delete. I've tried to do this, and while I can block someone
from accessing said folder, I cannot block them from deleting it.
-----Original Message-----
From: Konkol, Josh [mailto:JKonkol@guidemail.com]
Sent: Thursday, August 01, 2002 4:11 PM
To: 'Sorisio,Chris'; 'samba@lists.samba.org'
Subject: RE: [Samba] SUQ: Share permissions
If you don't want anyone to write to it then set root as the owner and chmod
it 644 or something similar.
Let me know if you need anything else,
Josh
-----Original Message-----
From: Sorisio,Chris [mailto:ChrisSorisio@PeakTechnical.com]
Sent: Thursday, August 01, 2002 3:05 PM
To: 'samba@lists.samba.org'
Subject: [Samba] SUQ: Share permissions
After parsing through the various bits of available documentation, I'm
forced to bow before the group and ask the following Silly User Question:
While I can create and set NT ACLs on files/folder, anything in the root of
the share can be deleted by any user who has access to that share. I've
munged something in my file permissions. What /should/ the file permissions
for a root share directoy be set to, and who should own it - root, a created
'samba' user..?
Ex:
[backup]
path = /mnt/share/backup
valid users = @"DEAD\Puppies"
read only = No
What UNIX account should own /mnt/share/backup, and what should the UNIX
file permissions be set to?
Thanks,
Chris
-------------- next part --------------
HTML attachment scrubbed and removed
When I create a test directory under the root share, it shows the following permissions: drwxr-xr-x 3 PEAK\SorisioCE PEAK\Domain Users 42 Aug 1 17:31 New Folder (smbcacls of New Folder) REVISION:1 OWNER:PEAK\SorisioCE GROUP:PEAK\Domain Users ACL:PEAK\SorisioCE:ALLOWED/0/FULL ACL:PEAK\Domain Users:ALLOWED/0/READ ACL:everyone:ALLOWED/0/READ ACL:PEAK\SorisioCE:ALLOWED/11/FULL ACL:PEAK\Domain Users:ALLOWED/11/R ACL:everyone:ALLOWED/11/R Still, anyone who can write to the root share can delete New Folder. I want to set it so that anyone can /create/ folders under the root share, but only the owner or admins can /delete/ all folders. Permissions of the root share, /mnt/share/backup: drwxrwxrwx 3 samba root 23 Aug 1 15:55 backup Thanks, Chris -----Original Message----- From: Goetz Rieger [mailto:goetz.rieger@suse.de] Sent: Friday, August 02, 2002 4:38 AM To: Sorisio,Chris Cc: samba@lists.samba.org Subject: Re: [Samba] SUQ: Share permissions Hey, On Thu, 1 Aug 2002 17:04:47 -0400 "Sorisio,Chris" <ChrisSorisio@PeakTechnical.com> wrote: What permissions are given to the new directory? Do you work with filesystem ACLs? Goetz> Well, I want anyone to be able to write to it, but I want it to also > obey NT ACLs. > > Example: > > I have my root share, /mnt/share/test > > Anyone should be able to create a directory under /mnt/share/test via NT > Explorer. However, they should also be able to lock that directory so > that only they can delete. I've tried to do this, and while I can block > someone from accessing said folder, I cannot block them from deleting > it.-------------- next part -------------- HTML attachment scrubbed and removed
Hello. In Unix, a user with write permissions in a directory can create, rename and delete ANY file or directory within the main directory. The permissions on the idividual files/directorys doesn't matter! What You CAN do is to set the sticky bit (chmod +t) on the main directory. If the sticky bit is set, only the owner of a file/directory can remove and/or rename it. This is perhaps not exactly what You want but may be sufficient. /?H Ps. I'm a Solaris user but i beleve it's the same in other Unix/Linux systems.> When I create a test directory under the root share, it shows the following > permissions: > > drwxr-xr-x 3 PEAK\SorisioCE PEAK\Domain Users 42 Aug 1 17:31 New > Folder > > (smbcacls of New Folder) > > REVISION:1 > OWNER:PEAK\SorisioCE > GROUP:PEAK\Domain Users > ACL:PEAK\SorisioCE:ALLOWED/0/FULL > ACL:PEAK\Domain Users:ALLOWED/0/READ > ACL:everyone:ALLOWED/0/READ > ACL:PEAK\SorisioCE:ALLOWED/11/FULL > ACL:PEAK\Domain Users:ALLOWED/11/R > ACL:everyone:ALLOWED/11/R > > Still, anyone who can write to the root share can delete New Folder. I want > to set it so that anyone can /create/ folders under the root share, but only > the owner or admins can /delete/ all folders. > > Permissions of the root share, /mnt/share/backup: > > drwxrwxrwx 3 samba root 23 Aug 1 15:55 backup > > Thanks, > > Chris > > -----Original Message----- > From: Goetz Rieger [mailto:goetz.rieger@suse.de] > Sent: Friday, August 02, 2002 4:38 AM > To: Sorisio,Chris > Cc: samba@lists.samba.org > Subject: Re: [Samba] SUQ: Share permissions > > > Hey, > > On Thu, 1 Aug 2002 17:04:47 -0400 > "Sorisio,Chris" <ChrisSorisio@PeakTechnical.com> wrote: > > What permissions are given to the new directory? Do you work with > filesystem ACLs? > > Goetz > > > Well, I want anyone to be able to write to it, but I want it to also > > obey NT ACLs. > > > > Example: > > > > I have my root share, /mnt/share/test > > > > Anyone should be able to create a directory under /mnt/share/test via NT > > Explorer. However, they should also be able to lock that directory so > > that only they can delete. I've tried to do this, and while I can block > > someone from accessing said folder, I cannot block them from deleting > > it.
?ke, Thanks for the tip. That appears to have resolved my issue. Chris -----Original Message----- From: ?ke Holmlund [mailto:holm@informatik.umu.se] Sent: Friday, August 02, 2002 9:47 AM To: samba@lists.samba.org Cc: ChrisSorisio@PeakTechnical.com Subject: RE: [Samba] SUQ: Share permissions Hello. In Unix, a user with write permissions in a directory can create, rename and delete ANY file or directory within the main directory. The permissions on the idividual files/directorys doesn't matter! What You CAN do is to set the sticky bit (chmod +t) on the main directory. If the sticky bit is set, only the owner of a file/directory can remove and/or rename it. This is perhaps not exactly what You want but may be sufficient. /?H Ps. I'm a Solaris user but i beleve it's the same in other Unix/Linux systems.> When I create a test directory under the root share, it shows thefollowing> permissions: > > drwxr-xr-x 3 PEAK\SorisioCE PEAK\Domain Users 42 Aug 1 17:31 New > Folder > > (smbcacls of New Folder) > > REVISION:1 > OWNER:PEAK\SorisioCE > GROUP:PEAK\Domain Users > ACL:PEAK\SorisioCE:ALLOWED/0/FULL > ACL:PEAK\Domain Users:ALLOWED/0/READ > ACL:everyone:ALLOWED/0/READ > ACL:PEAK\SorisioCE:ALLOWED/11/FULL > ACL:PEAK\Domain Users:ALLOWED/11/R > ACL:everyone:ALLOWED/11/R > > Still, anyone who can write to the root share can delete New Folder. Iwant> to set it so that anyone can /create/ folders under the root share, butonly> the owner or admins can /delete/ all folders. > > Permissions of the root share, /mnt/share/backup: > > drwxrwxrwx 3 samba root 23 Aug 1 15:55 backup > > Thanks, > > Chris > > -----Original Message----- > From: Goetz Rieger [mailto:goetz.rieger@suse.de] > Sent: Friday, August 02, 2002 4:38 AM > To: Sorisio,Chris > Cc: samba@lists.samba.org > Subject: Re: [Samba] SUQ: Share permissions > > > Hey, > > On Thu, 1 Aug 2002 17:04:47 -0400 > "Sorisio,Chris" <ChrisSorisio@PeakTechnical.com> wrote: > > What permissions are given to the new directory? Do you work with > filesystem ACLs? > > Goetz > > > Well, I want anyone to be able to write to it, but I want it to also > > obey NT ACLs. > > > > Example: > > > > I have my root share, /mnt/share/test > > > > Anyone should be able to create a directory under /mnt/share/test via NT > > Explorer. However, they should also be able to lock that directory so > > that only they can delete. I've tried to do this, and while I can block > > someone from accessing said folder, I cannot block them from deleting > > it.-------------- next part -------------- HTML attachment scrubbed and removed