Thierry ITTY
2003-May-20 09:25 UTC
[Samba] readonly files get un-erasable from win nt clients #REPOST
Hi

I posted this last week but got no answers. So I try again in case someone has any idea...

I have a file server (linux with acl and quotas custom 2.4.18 kernel, samba 2.2.7a with acl, quotas and winbind)
among others there's a share on which any user of the domain is allowed to put files, any user able to read and write other users' files (a public and free space)

the problem is that sometimes people copy files from CDs where the readonly bit is set, and once copied, nobody is allowed to remove them

here's an excerpt from smb.conf

    # Global Parameters
    security = DOMAIN
    encrypt passwords = Yes
    map to guest = Bad User
    null passwords = Yes
    os level = 10
    winbind uid = 10000-19999
    winbind gid = 10000-19999
    valid users = +"CORP\Domain users"
    read only = No
    create mask = 0775
    directory mask = 0775

    [public]
    path = /shares/tpublic/share
    volume = PUBLIC
    oplocks = no
    create mask = 0770
    directory mask = 0770

here's a getfacl to such a problem file :

    # file: IMAGE.JPG
    # owner: CORP\USER-01
    # group: CORP\Domain users
    user::r-x
    group::r--
    group:CORP\Domain users:rwx
    mask::rwx
    other::---

here's a ls -al of the same file :

    [root@SERVER IMAGES]# ls -al
    -r-xrwx---+ 1 CORP\USER-01 CORP\Domain users 479135 03-30 10:42 IMAGE.JPG

one thing I find weird is that entry "group::r--" in the getfacl result, which should refer to the file creator's group, which is "# group: CORP\Domain users", compared to the next line "group:CORP\Domain users:rwx"

in that situation, nobody even the creator himself can remove the file

I have to do an "setfacl -m g::rw- IMAGE.JPG" to update the acl entry "group::r--" to allow the user (and anybody else from the domain, which is anyway what I want) to remove the file

the question is : how did the file get such an acl when copied from a cd in a win nt wks, and how can I avoid this ?

tia

- * - * - * - * - * - * -
Of course I am a perfectionist!
But couldn't I be better at it?
Thierry ITTY
eMail : Thierry.Itty@Besancon.org
FRANCE
Jordi Castells
2003-May-20 14:06 UTC
[Samba] readonly files get un-erasable from win nt clients #REPOST
hi,

try to use the

    force create mode = 0664
    force directory mode = 0775

parameters to ensure files have write access

another good idea is to set the s bit on the parent directory (chmod g+s) to set the group owner of the files/directories to the same as the parent directory (I set a group of users with write access to the share, then this attribute allows users of this group to manage the files created by other users of the same group)

hope this helps you
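
Added example, not part of either post and not Samba's own code: a simplified Python model of the mapping documented in smb.conf(5), where the mode derived from the DOS attributes is ANDed with "create mask" and then ORed with "force create mode". It assumes the file copied from the CD carries the read-only and archive attributes and that "map archive" is at its default (yes); the function name is hypothetical, and the ACL mask and named entries are not modelled.

```python
# Simplified model (added example) of how Samba turns the DOS attributes of a
# newly created file into a Unix mode, following the smb.conf(5) description
# of "create mask" (bitwise AND) and "force create mode" (bitwise OR).
import stat

DOS_READONLY = 0x01
DOS_HIDDEN = 0x02
DOS_SYSTEM = 0x04
DOS_ARCHIVE = 0x20


def unix_mode_for_new_file(dos_attrs, create_mask, force_create_mode=0,
                           map_archive=True, map_system=False,
                           map_hidden=False):
    """Return the Unix permission bits for a file created over SMB.

    Hypothetical helper name; the map_* defaults mirror the documented
    smb.conf defaults (map archive = yes, map system/hidden = no).
    """
    mode = 0o666                          # rw for user, group and other
    if dos_attrs & DOS_READONLY:
        mode &= ~0o222                    # read-only: drop every write bit
    if map_archive and dos_attrs & DOS_ARCHIVE:
        mode |= stat.S_IXUSR              # archive -> owner execute
    if map_system and dos_attrs & DOS_SYSTEM:
        mode |= stat.S_IXGRP              # system  -> group execute
    if map_hidden and dos_attrs & DOS_HIDDEN:
        mode |= stat.S_IXOTH              # hidden  -> other execute
    mode &= create_mask                   # "create mask" can only clear bits
    mode |= force_create_mode             # "force create mode" can only set bits
    return mode


# Constructed input: attributes assumed for a file copied from a CD.
cd_file = DOS_READONLY | DOS_ARCHIVE

# [public] share as posted: create mask = 0770, no force create mode.
as_posted = unix_mode_for_new_file(cd_file, create_mask=0o770)

# Same share with the suggested force create mode = 0664.
with_force = unix_mode_for_new_file(cd_file, create_mask=0o770,
                                    force_create_mode=0o664)

if __name__ == "__main__":
    print(f"as posted:         {as_posted:04o}")   # user r-x, group r--, other ---
    print(f"force create mode: {with_force:04o}")  # write bits restored
```

The first result, 0540, matches the user::r-x, group::r-- and other::--- entries in the getfacl output above. With force create mode = 0664 the write bits come back regardless of the client's read-only attribute, so that attribute is no longer reflected in the owner or group write bits of new files.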