Hi,
I am experiencing the problem as described in
http://us1.samba.org/samba/docs/man/Samba-Guide/kerberos.html#id2562652
Unfortunately the remedy/workaround as described there does not work in the
more general case of ACLs.
Problem description:
- User A owns file F.
- User B has rw access to F via a user ACL
- Group G has rw access to F via a group ACL
- User B edits the excel file F
- User B saves file F.
- File F gets stored with user B being the owner and with read-only
permissions (this behaviour is specific to samba/excel and does not happen
with a W2K server)
- Due the concept of effective ACLs the file cannot be modified by user A
anymore even though that user A belongs to the supplementary group B which has
rw access
The initial problem is that Samba 3 behaves differently from a W2K server. In
contrast to Samba 3 Windows does keep the ownership when a file is edited
even though technically Excel does an intermediate copy.
I am aware of the fact that Samba 3 is nothing more than a plain user process
running with the credentials of the connected user. So when creating a new
file the ownership must be the user and therefore cannot be preserved.
But with traditional unix:
- User B edits the file F which is owned by user A
- User B is granted rw access via group permissions
- The ownership, group and access mode is _preserved
So the question remains if it is possible to preserve the ACLs when editing a
file with Excel?
Somehow a Windows server does not really create a new intermediate file which
is then renamed to the original filename.
It looks to me that instead of
- create new file intermediate file
- delete original file by renaming new file
it would be better if samba would do the following
- create new file intermediate file
- "cat" contents of the intermediate file on the _existing_ file
This would imho allow to preserver the ownership and the ACLs.
In order to establish understanding I repeat myself using pseudo shell
commands.
Current Samba behavior:
- echo "data" > intermediate_file # user B is storing the file
- mv intermediate_file original_file # user B is now the owner of the file
Proposed Samba behavior:
- echo "data" > intermediate_file
- cat intermediate_file > original_file # contents of intermediate file
# is propagated to the original file
# without loosing ownership and without
# changes to the ACLs
Anyone else has the same problem and knows about a remedy which works in
environments with _many_ users sharing files in complex manners?
Yours,
-- martin
Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold@erfrakon.de