Hello everyone,
I've been scouring the web, reading documentation and experimenting with
settings and I am having no luck in getting the behavior of the archive
bit to be anywhere near expected. I have the file foo.txt in the
personal folder that has the ADS group DOMAIN USERS with read/write
capability (660). When the user jsmith (domain user) modifies the file,
the archive bit is not set. Similarly, CA Brightstor seems incapable of
clearing the archive bit when doing backups if the backup user is not
the owner.
It seems to come down to this--if the user isn't the owner, the archive
bit cannot be automagically cleared by applications. The user can
manually set and clear, but that doesn't help. Also, unless I
misunderstand what force user does, that isn't an option for security
reasons.
All the stuff I've seen on the lists say that dos filemode = yes and/or
map archive = yes are what is needed. I've tried all the combinations of
having those two set/not set and I can say with confidence that in this
configuration, they patently do not fix the issue.
Any ideas? Thanks in advance. Configuration below.
Aaron Kincer
The configuration:
Server: RHEL 4 Update 2
Platform: VMWare
Samba Version: 3.0.10-1.4E.9
smb.conf
----------
#Global Settings
[global]
# Settings
kernel oplocks = yes
client use spnego = no
server signing = auto
client signing = auto
nt acl support = yes
# Share Behavior
inherit permissions = yes
store dos attributes = yes
dos filemode = yes
dos filetimes = yes
dos filetime resolution = yes
acl compatibility = auto
map archive = yes
map system = no
map hidden = no
directory security mask = 0777
# Domain Settings
workgroup = DOMAIN
server string = SERVERNAME
os level = 0
preferred master = no
announce as = NT Server
announce version = 4.9
browse list = yes
domain master = no
local master = no
enhanced browsing = yes
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind use default domain = no
winbind enum groups = yes
winbind enum users = yes
winbind separator = +
realm = DOMAIN.LOCAL
# Security
hosts allow = 192.168.1. 192.168.2. 127.
security = ads
password server = *
encrypt passwords = yes
# Logging
log file = /var/log/samba/%m.log
log level = 3
max log size = 50
# Network Settings
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
remote announce = 192.168.2.255
disable netbios = no
netbios name = LEXSFS01
# Network Shares
[common]
comment = common drive
path = /share/common
guest ok = yes
read only = no
write list = +"DOMAIN+Domain Users"
read list = +"DOMAIN+Domain Users"
create mask = 0774
directory mask = 0775
[personal]
comment = personal drive
path = /share/personal
guest ok = no
read only = no
write list = +"DOMAIN+Domain Users"
read list = +"DOMAIN+Domain Users"
create mask = 0770
directory mask = 0770
acl group control = yes maybe? cheers 1 sep 2006 kl. 15:07 skrev Aaron Kincer:> Hello everyone, > > I've been scouring the web, reading documentation and experimenting > with settings and I am having no luck in getting the behavior of > the archive bit to be anywhere near expected. I have the file > foo.txt in the personal folder that has the ADS group DOMAIN USERS > with read/write capability (660). When the user jsmith (domain > user) modifies the file, the archive bit is not set. Similarly, CA > Brightstor seems incapable of clearing the archive bit when doing > backups if the backup user is not the owner. > > It seems to come down to this--if the user isn't the owner, the > archive bit cannot be automagically cleared by applications. The > user can manually set and clear, but that doesn't help. Also, > unless I misunderstand what force user does, that isn't an option > for security reasons. > > All the stuff I've seen on the lists say that dos filemode = yes > and/or map archive = yes are what is needed. I've tried all the > combinations of having those two set/not set and I can say with > confidence that in this configuration, they patently do not fix the > issue. > > Any ideas? Thanks in advance. Configuration below. > > Aaron Kincer > > The configuration: > > Server: RHEL 4 Update 2 > Platform: VMWare > Samba Version: 3.0.10-1.4E.9 > > smb.conf > ---------- > > > #Global Settings > > [global] > > # Settings > > kernel oplocks = yes > client use spnego = no > server signing = auto > client signing = auto > nt acl support = yes > > # Share Behavior > > inherit permissions = yes > store dos attributes = yes > dos filemode = yes > dos filetimes = yes > dos filetime resolution = yes > acl compatibility = auto > map archive = yes > map system = no > map hidden = no > directory security mask = 0777 > > # Domain Settings > > workgroup = DOMAIN > server string = SERVERNAME > os level = 0 > preferred master = no > announce as = NT Server > announce version = 4.9 > browse list = yes > domain master = no > local master = no > enhanced browsing = yes > idmap uid = 16777216-33554431 > idmap gid = 16777216-33554431 > winbind use default domain = no > winbind enum groups = yes > winbind enum users = yes > winbind separator = + > realm = DOMAIN.LOCAL > > # Security > > hosts allow = 192.168.1. 192.168.2. 127. > security = ads > password server = * > encrypt passwords = yes > > # Logging > > log file = /var/log/samba/%m.log > log level = 3 > max log size = 50 > > # Network Settings > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > remote announce = 192.168.2.255 > disable netbios = no > netbios name = LEXSFS01 > > # Network Shares > > [common] > comment = common drive > path = /share/common > guest ok = yes > read only = no > write list = +"DOMAIN+Domain Users" > read list = +"DOMAIN+Domain Users" > create mask = 0774 > directory mask = 0775 > > [personal] > comment = personal drive > path = /share/personal > guest ok = no > read only = no > write list = +"DOMAIN+Domain Users" > read list = +"DOMAIN+Domain Users" > create mask = 0770 > directory mask = 0770 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba