Dear All I am facing a strange problem that I could not solve, so, maybe you can help me. Look at this situation: I created a new directory with those ACLs (through Samba using Windows XP) [root@server /home/smb/adm]# getfacl teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- [root@server /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- My ACLs are right, ok, now I will copy a XLS file to that folder: [root@server /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::rw- group:suporte:rwx group:administ:rwx mask::rwx other::--- OK, the samba server inhert the permissions and the ACLs, everything is fine until now. But when I edit this file with MS Excel, and save it, look what happen to the ACLs: [root@server /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::--- group:suporte:rwx mask::rwx other::--- The ACL entry "group:administ:rwx" just have gone after I save the file. It happens with Windows XP, Vista, Office 2003 and 2007. My samba version is Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through Ports. Anybody knows what is wrong? Thanks a lot!
On Tue, Dec 18, 2007 at 10:15:42PM -0200, Felipe Tocchetto wrote:> I am facing a strange problem that I could not solve, so, maybe you can help > me. > > Look at this situation: > > I created a new directory with those ACLs (through Samba using Windows XP) > > [root@server /home/smb/adm]# getfacl teste > #file:teste > #owner:1002 > #group:1006 > user::rwx > group::rwx > group:suporte:rwx > group:administ:rwx > mask::rwx > other::--- > > [root@server /home/smb/adm]# getfacl -d teste > #file:teste > #owner:1002 > #group:1006 > user::rwx > group::rwx > group:suporte:rwx > group:administ:rwx > mask::rwx > other::--- > > My ACLs are right, ok, now I will copy a XLS file to that folder: > > [root@server /home/smb/adm]# getfacl teste/excel-test.xls > #file:teste/excel-test.xls > #owner:1002 > #group:1006 > user::rwx > group::rw- > group:suporte:rwx > group:administ:rwx > mask::rwx > other::--- > > OK, the samba server inhert the permissions and the ACLs, everything is fine > until now. > > But when I edit this file with MS Excel, and save it, look what happen to > the ACLs: > > [root@server /home/smb/adm]# getfacl teste/excel-test.xls > #file:teste/excel-test.xls > #owner:1002 > #group:1006 > user::rwx > group::--- > group:suporte:rwx > mask::rwx > other::--- > > The ACL entry "group:administ:rwx" just have gone after I save the file. > > It happens with Windows XP, Vista, Office 2003 and 2007. My samba version is > Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through > Ports. > > Anybody knows what is wrong?I'm not sure if it is the cause, but what are your default ACLs for the directory in question? When you copy in a file from Windows, I think that it will preserve its permissions, but if you edit and save, you are actually creating a new file, which will be created based on the defaults for that location/user. Check the output of 'gefacl -d teste'. -- greg byshenk - gbyshenk@byshenk.net - Leiden, NL
Greeting Felipe, Here a solution for your problem (I hope so). It works for me with MSOffice 2000/2003. First you need to set the POSIX rights before ACL(EA). These rights will be the base for your "real" permissions. - Create your folder, and set 2775 or 2770 permissions. - The assign the owner and group to root:root (you will understand shortly why). - Now you are ready to set the ACL(EA) permissions. The use of the 2775 permissions will gave access to the folder and his subdirectory for the share of the files. Or use directly the 2770 permissions to limit access and share immediately your files in the folder. The SGID define in this permission allow the group to never be change, whatever the group of the owner who create a new file ou change a existing file. The owner has no importance, because it will be change at the creation ou modification of the file (it is the goal to know who have made the change). The share configuration, I suggest you something like this. The only parameters very important is "force create mode = 660" and "directory mode = 770". [workspace] comment = Whatever path = /pat/to/my/folder browseable = yes read only = no force create mode = 660 directory mode = 770 csc policy = disable Best Regards Robert -- Cybionet - Solution reseautique http://www.cybionet.com> Dear All > > I am facing a strange problem that I could not solve, so, maybe you > can help > me. > > Look at this situation: > > I created a new directory with those ACLs (through Samba using Windows > XP) > > [root@server /home/smb/adm]# getfacl teste > #file:teste > #owner:1002 > #group:1006 > user::rwx > group::rwx > group:suporte:rwx > group:administ:rwx > mask::rwx > other::--- > > [root@server /home/smb/adm]# getfacl -d teste > #file:teste > #owner:1002 > #group:1006 > user::rwx > group::rwx > group:suporte:rwx > group:administ:rwx > mask::rwx > other::--- > > My ACLs are right, ok, now I will copy a XLS file to that folder: > > [root@server /home/smb/adm]# getfacl teste/excel-test.xls > #file:teste/excel-test.xls > #owner:1002 > #group:1006 > user::rwx > group::rw- > group:suporte:rwx > group:administ:rwx > mask::rwx > other::--- > > OK, the samba server inhert the permissions and the ACLs, everything > is fine > until now. > > But when I edit this file with MS Excel, and save it, look what happen to > the ACLs: > > [root@server /home/smb/adm]# getfacl teste/excel-test.xls > #file:teste/excel-test.xls > #owner:1002 > #group:1006 > user::rwx > group::--- > group:suporte:rwx > mask::rwx > other::--- > > The ACL entry "group:administ:rwx" just have gone after I save the file. > > It happens with Windows XP, Vista, Office 2003 and 2007. My samba > version is > Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through > Ports. > > Anybody knows what is wrong? > > Thanks a lot! >
Hey Robert
Thanks for your mail, here is what a did:
1. Set the ACLs to all dirs and files in the ADM dir:
find adm/ -type f -exec setfacl -m g:administ:rwx {} \;
find adm/ -type f -exec setfacl -m g:administ:rwx {} \;
3. Setting the default ACLs to the ADM dir:
setfacl -d -m u::rwx,g::rwx,o::--- adm/
setfacl -d -m g:administ:rwx adm/
4. Setting the default ACLs to all subdirs on ADM
find adm/ -type d -exec setfacl -d -m u::rwx,g::rwx,o::--- {} \;
find adm/ -type d -exec setfacl -d -m g:administ:rwx {} \;
5. In the Samba server I did this conf:
valid users = suporte,administ
write list = suporte,administ
read only = No
* force security mode = 0770
force create mode = 0777
force directory mode = 0777
inherit permissions = Yes
The more important flag, that solve the problem is force security mode 0770.
Thanks a lot for all replyes!
Felipe
On Dec 19, 2007 11:21 PM, Cybionet <cybionet@videotron.ca> wrote:
> Greeting Felipe,
>
> Here a solution for your problem (I hope so). It works for me with
> MSOffice 2000/2003.
>
> First you need to set the POSIX rights before ACL(EA). These rights will
> be the base for your "real" permissions.
>
> - Create your folder, and set 2775 or 2770 permissions.
> - The assign the owner and group to root:root (you will understand
> shortly why).
> - Now you are ready to set the ACL(EA) permissions.
>
> The use of the 2775 permissions will gave access to the folder and his
> subdirectory for the share of the files. Or use directly the 2770
> permissions to limit access and share immediately your files in the
> folder.
>
> The SGID define in this permission allow the group to never be change,
> whatever the group of the owner who create a new file ou change a
> existing file. The owner has no importance, because it will be change at
> the creation ou modification of the file (it is the goal to know who
> have made the change).
>
> The share configuration, I suggest you something like this. The only
> parameters very important is "force create mode = 660" and
"directory
> mode = 770".
>
> [workspace]
>
> comment = Whatever
> path = /pat/to/my/folder
>
> browseable = yes
> read only = no
>
> force create mode = 660
> directory mode = 770
>
> csc policy = disable
>
>
> Best Regards
>
> Robert
>
> --
> Cybionet - Solution reseautique
> http://www.cybionet.com
>
> > Dear All
> >
> > I am facing a strange problem that I could not solve, so, maybe you
> > can help
> > me.
> >
> > Look at this situation:
> >
> > I created a new directory with those ACLs (through Samba using Windows
> > XP)
> >
> > [root@server /home/smb/adm]# getfacl teste
> > #file:teste
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::rwx
> > group:suporte:rwx
> > group:administ:rwx
> > mask::rwx
> > other::---
> >
> > [root@server /home/smb/adm]# getfacl -d teste
> > #file:teste
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::rwx
> > group:suporte:rwx
> > group:administ:rwx
> > mask::rwx
> > other::---
> >
> > My ACLs are right, ok, now I will copy a XLS file to that folder:
> >
> > [root@server /home/smb/adm]# getfacl teste/excel-test.xls
> > #file:teste/excel-test.xls
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::rw-
> > group:suporte:rwx
> > group:administ:rwx
> > mask::rwx
> > other::---
> >
> > OK, the samba server inhert the permissions and the ACLs, everything
> > is fine
> > until now.
> >
> > But when I edit this file with MS Excel, and save it, look what happen
> to
> > the ACLs:
> >
> > [root@server /home/smb/adm]# getfacl teste/excel-test.xls
> > #file:teste/excel-test.xls
> > #owner:1002
> > #group:1006
> > user::rwx
> > group::---
> > group:suporte:rwx
> > mask::rwx
> > other::---
> >
> > The ACL entry "group:administ:rwx" just have gone after I
save the file.
> >
> > It happens with Windows XP, Vista, Office 2003 and 2007. My samba
> > version is
> > Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through
> > Ports.
> >
> > Anybody knows what is wrong?
> >
> > Thanks a lot!
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
--
Felipe Tocchetto