Rowland Penny
2024-Oct-25 09:09 UTC
[Samba] Optimal File Permissions for Shared Access Between Windows and Linux
On Thu, 24 Oct 2024 15:55:41 +0200
Jonathan Szalavecz via samba <samba at lists.samba.org> wrote:

> I thought with the ACL it would be easier but it is the same
> nightmare :-(
>
> john_johnk@raspberrypi:~ $ getfacl /mnt/shared/partage_de_fichiers
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/shared/partage_de_fichiers
> # owner: john_johnk
> # group: sharedaccess
> # flags: -s-
> user::rwx
> group::rwx
> other::---
> default:user::rw-
> default:group::rw-
> default:group:sharedaccess:rw-
> default:mask::rw-
> default:other::---
>
> but when I create a file from DatabaseShare ...the group is wrong and
> I have the x execution which comes from nowhere :-(
>
> john_johnk@raspberrypi:~ $ ls -l /mnt/shared/partage_de_fichiers
> total 102120
>
> -rw-rwx---+ 1 john_johnk john_johnk  73979 Oct 10  2016 'Facture RAM_2.pdf'
> -rw-rwx---+ 1 john_johnk john_johnk 125627 Dec  2  2021 'Facture Tennis RNS21.pdf'

One of your problems is that you are using these paths for the shares:

/mnt/shared
/mnt/shared/partage_de_fichiers

So, anyone that needs to get into partage_de_fichiers has to traverse
/mnt/shared

I would have used:

/mnt/shared/nas
/mnt/shared/partage_de_fichiers

This would have led to /mnt/shared being owned by root:root with
'0755' permissions, this would then have given 'others' the right to
traverse to the required directory.

Then use the same ownership for the sub directories (which would
seemingly stop anyone writing to the directory), then use 'setfacl' to
give the USER the required permissions.

Rowland
Jonathan Szalavecz
2024-Oct-26 16:12 UTC
[Samba] Optimal File Permissions for Shared Access Between Windows and Linux
Hi Rowland,

Thanks to your guidance, I've set up permissions for all directories and files under |/mnt/shared| as follows:

* *Directories* have |drwxr-xr-x| permissions and are owned by |root:root|.
* *Files* are set to |rw-------|, also with |root:root| ownership, except for executables, which have the necessary |rwx| permissions.

I'd like to ensure |john_johnk| has read, write, and execute access across all directories and files and to set up default ACLs that make new files and directories inherit these permissions reliably. However, I'm aiming to keep the ACLs as restrictive as possible for newly created folders and files.

1. Could you recommend specific ACL settings using |-d| to set these as default permissions across the directories and files?
2. For the mask, would you suggest using |--mask| or |--no-mask| to avoid unintended permission changes?

Once this setup is complete, I plan to |rsync| everything from |/mnt/shared| to |/mnt/shared/nas|, excluding |/mnt/shared/partage_de_fichiers|. Afterward, I'll configure access for both |john_johnk| and |juliette| specifically on |partage_de_fichiers|.

Your insights have been invaluable so far, and I appreciate any further advice on these ACL settings!

Best,

On 10/25/2024 at 11:09 AM, Rowland Penny via samba wrote:
> On Thu, 24 Oct 2024 15:55:41 +0200
> Jonathan Szalavecz via samba <samba at lists.samba.org> wrote:
>
>> I thought with the ACL it would be easier but it is the same
>> nightmare :-(
>>
>> john_johnk@raspberrypi:~ $ getfacl /mnt/shared/partage_de_fichiers
>> getfacl: Removing leading '/' from absolute path names
>> # file: mnt/shared/partage_de_fichiers
>> # owner: john_johnk
>> # group: sharedaccess
>> # flags: -s-
>> user::rwx
>> group::rwx
>> other::---
>> default:user::rw-
>> default:group::rw-
>> default:group:sharedaccess:rw-
>> default:mask::rw-
>> default:other::---
>>
>> but when I create a file from DatabaseShare ...the group is wrong and
>> I have the x execution which comes from nowhere :-(
>>
>> john_johnk@raspberrypi:~ $ ls -l /mnt/shared/partage_de_fichiers
>> total 102120
>>
>> -rw-rwx---+ 1 john_johnk john_johnk  73979 Oct 10  2016 'Facture RAM_2.pdf'
>> -rw-rwx---+ 1 john_johnk john_johnk 125627 Dec  2  2021 'Facture Tennis RNS21.pdf'
>>
> One of your problems is that you are using these paths for the shares:
>
> /mnt/shared
> /mnt/shared/partage_de_fichiers
>
> So, anyone that needs to get into partage_de_fichiers has to traverse
> /mnt/shared
>
> I would have used:
>
> /mnt/shared/nas
> /mnt/shared/partage_de_fichiers
>
> This would have led to /mnt/shared being owned by root:root with
> '0755' permissions, this would then have given 'others' the right to
> traverse to the required directory.
>
> Then use the same ownership for the sub directories (which would
> seemingly stop anyone writing to the directory), then use 'setfacl' to
> give the USER the required permissions.
>
> Rowland
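
Added example, not part of either message: a Python sketch of the Linux POSIX ACL rules behind the default-ACL and mask questions above, run on the getfacl entries quoted in the thread. The function names are this example's own; it shows what a new file inherits for a given creation mode and which rights the mask leaves effective.

```python
# Added example (not from the thread): Linux POSIX ACL inheritance and mask rules.
# SAMPLE holds the entries from the getfacl output quoted above.
SAMPLE = """\
# file: mnt/shared/partage_de_fichiers
user::rwx
group::rwx
other::---
default:user::rw-
default:group::rw-
default:group:sharedaccess:rw-
default:mask::rw-
default:other::---
"""

def parse_acl(text):
    """Return {'access': {...}, 'default': {...}} keyed by (tag, qualifier)."""
    acl = {"access": {}, "default": {}}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop headers and '#effective' notes
        if not line:
            continue
        scope = "access"
        if line.startswith("default:"):
            scope, line = "default", line[len("default:"):]
        tag, qualifier, perms = line.split(":")
        acl[scope][(tag, qualifier)] = perms
    return acl

def inherit(default, mode=0o666):
    """Access ACL of a new file: the default entries, with user::, mask:: and other::
    limited by the requested mode (umask is not applied when a default ACL exists)."""
    def limit(perms, bits):
        return "".join(c if bits & b else "-" for c, b in zip(perms, (4, 2, 1)))
    new = dict(default)
    group_key = ("mask", "") if ("mask", "") in new else ("group", "")
    for key, shift in ((("user", ""), 6), (group_key, 3), (("other", ""), 0)):
        new[key] = limit(new[key], mode >> shift)
    return new

def effective(entries):
    """The mask caps group:: and every named user/group; user:: and other:: are exempt."""
    mask = entries.get(("mask", ""), "rwx")
    def cap(perms):
        return "".join(c if m != "-" else "-" for c, m in zip(perms, mask))
    return {k: (cap(p) if k[0] == "group" or (k[0] == "user" and k[1]) else p)
            for k, p in entries.items() if k[0] != "mask"}

def ls_mode(entries):
    """What ls -l prints: with a mask present the middle triplet is the mask."""
    middle = entries.get(("mask", ""), entries[("group", "")])
    return entries[("user", "")] + middle + entries[("other", "")]
```

A creation mode of 0600 empties the inherited mask, so sharedaccess ends up with no effective rights even though its entry still reads rw-.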