Voelz Alexander
2007-Feb-04  01:04 UTC
[Samba] write list, read list, admin list does not work as expected
Dear group,

my understanding of how read, write and admin access of a share work differs from what I observe. What I understood from the documentation is that

* if there's a read list, the users in this list have ONLY read access, no matter what the unix file/dir bits say
* the read list is superseded by the write list. Users can write IF the underlying unix-FS permits it.
* admin users have rw-access to every file, no matter who the owner is.

I am asking, because what I want is

* Group A with admin access, so they can delete ALL files, no matter who created them,
* Group W with write access, with every user able to create files, and able to delete his own, only,
* Group R with read-only access. These users should only be able to SEE what the others wrote.

In my samba-config it says:

* write list = @W
* admin users = @A
* read list = @R
* force create mode = 775
* force directory mode = 755 # default

I have a directory which has the unix bits 777:

    drwxrwxrwx+ 2 vjuser vjusers 8192 Jan 4 10:32 Archive

But smbcacls says:

    > smbcacls //serverA/share Archive -U "DOMAIN/vo03a"
    OWNER:serverA\vjuser
    GROUP:serverA\vjusers
    ACL:DOMAIN\W:ALLOWED/3/READ
    ACL:DOMAIN\A:ALLOWED/3/FULL
    ACL:DOMAIN\R:ALLOWED/3/READ
    ACL:serverA\vjuser:ALLOWED/0/FULL
    ACL:serverA\vjusers:ALLOWED/0/READ
    ACL:\Everyone:ALLOWED/0/FULL
    ACL:\CREATOR OWNER:ALLOWED/11/FULL
    ACL:\CREATOR GROUP:ALLOWED/11/READ
    ACL:\Everyone:ALLOWED/11/

And I can't change this with smbcacls:

vo03a is member of A:

    > getent group A
    A:x:16782746:xx55x,ha06t,vo03a,ju02i,bri0002k,pos0002s,kn01r,ni05s

xxx0422z is member of W:

    > getent group W
    W:x:16782751:xxx0422z

Did I at least understand the purpose of the different lists right? Anyone with experience using these lists?

I don't think it matters, but the domain is a win2000SP1 domain, serverA is just samba, no domain function. The groups are defined at domain level, as the users are.

Any advice is appreciated.

Regards,
Alexander
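An added example, not part of the original post: it parses the smbcacls listing quoted above and compares the granted permissions with the access the post says it wants. INTENDED and BROAD are assumed policy tables introduced here for illustration; the READ/CHANGE/FULL expansions are the combined permissions documented for smbcacls.

```python
# Combined permission names documented for smbcacls, expanded to letters.
MASKS = {"READ": set("RX"), "CHANGE": set("RXWD"), "FULL": set("RWXDPO")}

# ACL listing copied from the post above (the last mask is empty on the page).
SAMPLE = r"""OWNER:serverA\vjuser
GROUP:serverA\vjusers
ACL:DOMAIN\W:ALLOWED/3/READ
ACL:DOMAIN\A:ALLOWED/3/FULL
ACL:DOMAIN\R:ALLOWED/3/READ
ACL:serverA\vjuser:ALLOWED/0/FULL
ACL:serverA\vjusers:ALLOWED/0/READ
ACL:\Everyone:ALLOWED/0/FULL
ACL:\CREATOR OWNER:ALLOWED/11/FULL
ACL:\CREATOR GROUP:ALLOWED/11/READ
ACL:\Everyone:ALLOWED/11/
"""

# Assumed policy derived from the post's goals; not part of the original.
INTENDED = {r"DOMAIN\A": "FULL", r"DOMAIN\W": "CHANGE", r"DOMAIN\R": "READ"}
BROAD = {r"\Everyone"}  # trustees that should never hold write or delete

def parse_aces(text):
    """Return (trustee, type, flags, perms) per 'ACL:' line; flags stay raw text."""
    aces = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("ACL:"):
            trustee, _, spec = line[4:].rpartition(":")
            ace_type, flags, mask = spec.split("/")
            aces.append((trustee, ace_type, flags, MASKS.get(mask, set(mask))))
    return aces

def audit(text, intended=INTENDED, broad=BROAD):
    """Return findings as (trustee, kind, permission letters)."""
    granted = {}
    for trustee, ace_type, _flags, perms in parse_aces(text):
        if ace_type == "ALLOWED":
            granted.setdefault(trustee, set()).update(perms)
    findings = []
    for trustee, want in intended.items():
        have, need = granted.get(trustee, set()), MASKS[want]
        if need - have:
            findings.append((trustee, "missing", "".join(sorted(need - have))))
        if have - need:
            findings.append((trustee, "excess", "".join(sorted(have - need))))
    for trustee in sorted(granted.keys() & broad):
        risky = granted[trustee] & set("WD")
        if risky:
            findings.append((trustee, "broad-write", "".join(sorted(risky))))
    return findings
```

Calling `audit(SAMPLE)` reports that DOMAIN\W lacks W and D relative to the assumed policy and that \Everyone holds both.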
