Hello everyone, I've been scouring the web, reading documentation and experimenting with settings and I am having no luck in getting the behavior of the archive bit to be anywhere near expected. I have the file foo.txt in the personal folder that has the ADS group DOMAIN USERS with read/write capability (660). When the user jsmith (domain user) modifies the file, the archive bit is not set. Similarly, CA Brightstor seems incapable of clearing the archive bit when doing backups if the backup user is not the owner. It seems to come down to this--if the user isn't the owner, the archive bit cannot be automagically cleared by applications. The user can manually set and clear, but that doesn't help. Also, unless I misunderstand what force user does, that isn't an option for security reasons. All the stuff I've seen on the lists say that dos filemode = yes and/or map archive = yes are what is needed. I've tried all the combinations of having those two set/not set and I can say with confidence that in this configuration, they patently do not fix the issue. Any ideas? Thanks in advance. Configuration below. Aaron Kincer The configuration: Server: RHEL 4 Update 2 Platform: VMWare Samba Version: 3.0.10-1.4E.9 smb.conf ---------- #Global Settings [global] # Settings kernel oplocks = yes client use spnego = no server signing = auto client signing = auto nt acl support = yes # Share Behavior inherit permissions = yes store dos attributes = yes dos filemode = yes dos filetimes = yes dos filetime resolution = yes acl compatibility = auto map archive = yes map system = no map hidden = no directory security mask = 0777 # Domain Settings workgroup = DOMAIN server string = SERVERNAME os level = 0 preferred master = no announce as = NT Server announce version = 4.9 browse list = yes domain master = no local master = no enhanced browsing = yes idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 winbind use default domain = no winbind enum groups = yes winbind enum users = yes winbind separator = + realm = DOMAIN.LOCAL # Security hosts allow = 192.168.1. 192.168.2. 127. security = ads password server = * encrypt passwords = yes # Logging log file = /var/log/samba/%m.log log level = 3 max log size = 50 # Network Settings socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 remote announce = 192.168.2.255 disable netbios = no netbios name = LEXSFS01 # Network Shares [common] comment = common drive path = /share/common guest ok = yes read only = no write list = +"DOMAIN+Domain Users" read list = +"DOMAIN+Domain Users" create mask = 0774 directory mask = 0775 [personal] comment = personal drive path = /share/personal guest ok = no read only = no write list = +"DOMAIN+Domain Users" read list = +"DOMAIN+Domain Users" create mask = 0770 directory mask = 0770
acl group control = yes maybe? cheers 1 sep 2006 kl. 15:07 skrev Aaron Kincer:> Hello everyone, > > I've been scouring the web, reading documentation and experimenting > with settings and I am having no luck in getting the behavior of > the archive bit to be anywhere near expected. I have the file > foo.txt in the personal folder that has the ADS group DOMAIN USERS > with read/write capability (660). When the user jsmith (domain > user) modifies the file, the archive bit is not set. Similarly, CA > Brightstor seems incapable of clearing the archive bit when doing > backups if the backup user is not the owner. > > It seems to come down to this--if the user isn't the owner, the > archive bit cannot be automagically cleared by applications. The > user can manually set and clear, but that doesn't help. Also, > unless I misunderstand what force user does, that isn't an option > for security reasons. > > All the stuff I've seen on the lists say that dos filemode = yes > and/or map archive = yes are what is needed. I've tried all the > combinations of having those two set/not set and I can say with > confidence that in this configuration, they patently do not fix the > issue. > > Any ideas? Thanks in advance. Configuration below. > > Aaron Kincer > > The configuration: > > Server: RHEL 4 Update 2 > Platform: VMWare > Samba Version: 3.0.10-1.4E.9 > > smb.conf > ---------- > > > #Global Settings > > [global] > > # Settings > > kernel oplocks = yes > client use spnego = no > server signing = auto > client signing = auto > nt acl support = yes > > # Share Behavior > > inherit permissions = yes > store dos attributes = yes > dos filemode = yes > dos filetimes = yes > dos filetime resolution = yes > acl compatibility = auto > map archive = yes > map system = no > map hidden = no > directory security mask = 0777 > > # Domain Settings > > workgroup = DOMAIN > server string = SERVERNAME > os level = 0 > preferred master = no > announce as = NT Server > announce version = 4.9 > browse list = yes > domain master = no > local master = no > enhanced browsing = yes > idmap uid = 16777216-33554431 > idmap gid = 16777216-33554431 > winbind use default domain = no > winbind enum groups = yes > winbind enum users = yes > winbind separator = + > realm = DOMAIN.LOCAL > > # Security > > hosts allow = 192.168.1. 192.168.2. 127. > security = ads > password server = * > encrypt passwords = yes > > # Logging > > log file = /var/log/samba/%m.log > log level = 3 > max log size = 50 > > # Network Settings > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > remote announce = 192.168.2.255 > disable netbios = no > netbios name = LEXSFS01 > > # Network Shares > > [common] > comment = common drive > path = /share/common > guest ok = yes > read only = no > write list = +"DOMAIN+Domain Users" > read list = +"DOMAIN+Domain Users" > create mask = 0774 > directory mask = 0775 > > [personal] > comment = personal drive > path = /share/personal > guest ok = no > read only = no > write list = +"DOMAIN+Domain Users" > read list = +"DOMAIN+Domain Users" > create mask = 0770 > directory mask = 0770 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba