actually it gets even more weird, from my perspective at least
maybe it all works but not for empty folders
if there are no subfolders then everyone authenticated has
full control, can delete the folder
permissions seem to begin to apply as soon as some content
ends up the folder
but there is another thing
test\
testA
test.txt
testB
test.txt
if a user B was given, with means of windows client,
'Modify' permission over testB and then this user creates
test.txt in this testB folder, then nobody has access to the
file apart from listing it, cannot open/read it
testA remained intact, userA created testA and test.txt in
it and everybody can open/read test.txt
it seems like at the point where windows acl are added, by
adding a user/permission to folder, that newly created file
by that added user gets unix acl like this
# file: testB\test.txt
# owner: my_Buser
# group: Domain\040Users
user::rwx
user:my_Buser:rwx
group::---
mask::rwx
other::---
whereas testA\test.txt has no ACLs yet, in other words has:
# owner: my_Auser
# group: Domain\040Users
user::rwx
group::r--
other::r--
how to tell samba to make it readable to the group, by
default, at file creation time?
many thanks
On 30/03/12 11:30, lejeczek wrote:> dear all
>
> trivial kind of question for which I do apologize, but
> it's sort of puzzling
>
> in a share when a windows client creates something samba
> sets it as 755, yet another user can still delete, in this
> case a folder
>
> which part of configuration fixes it so it would behave as
> expected?
>
> what I have by default is:
>
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> create mask = 0744
> force create mode = 00
> security mask = 0777
> force security mode = 00
> directory mask = 0755
> force directory mode = 00
> directory security mask = 0777
> force directory security mode = 00
> force unknown acl user = No
> inherit permissions = No
> inherit acls = No
> inherit owner = No
>
> cheers
>