Hi, how can I prevent users from modifying access rights on files and directories on a share (on an ext3 partition with ACLs)? Users must be able to read from arbitrary directories on the share belonging to groups they are not members of, and they must have write access to files belonging to other users in the same group, sometimes to files/directories that are owned by users of other groups. But they must not be able to modify the access rights of files owned by users in the same group; eventually it will be useful to deny modifying access rights to all users. How can that be achieved? GH -- for i in "*.txt"; do mail -s $i hwilmer < $i; done su: $i: ambiguous redirect
Gerald (Jerry) Carter
2004-Oct-29 13:08 UTC
[Samba] how to prevent users from modifying access rights
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 . wrote: | | Hi, | | how can I prevent users from modifying access rights on files and | directories on a share (on an ext3 partition with ACLs)? | | Users must be able to read from arbitrary directories on | the share belonging to groups they are not members of, and | they must have write access to files belonging to other users | in the same group, sometimes to files/directories that are | owned by users of other groups. But they must not be able to | modify the access rights of files owned by users in the | same group; eventually it will be useful to deny | modifying access rights to all users. set all files to be owned by root :-) and make sure that 'dos filemode = no' That should do it. (but give the user's the necessary write permissions). cheers, jerry - --------------------------------------------------------------------- Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBgkDCIR7qMdg1EfYRAvU8AJ9nNeVmO27o7yPZ/TsUcBxssBHuAACdGTzW Nj7dPSEy+GqjXRZdx/i20eQ=Khy2 -----END PGP SIGNATURE-----