Hello,

I've a samba 3.0.24 and a share in ext3 with acl.

I've set the following permissions on a file a.txt :

vssamba:/# getfacl /mnt/samba/partage/a.txt
getfacl: Removing leading '/' from absolute path names
# file: mnt/samba/partage/a.txt
# owner: herve
# group: users
user::rwx
group::r--
other::r--

The rights for share "Partage" are :

[partage]
comment = blablabla
path = /mnt/samba/partage
public = yes
writable = yes
directory mask = 0744
create mask = 0744
security mask = 0744
force security mode = 0
directory security mask = 0744
force directory security mode = 0

BUT, a user in "others" can delete the file from Windows XP !!!!
What have I missed ?

Michael Heydon
2008-Feb-13 23:14 UTC
[Samba] acl, no rights and possibility to delete files
Hervé Hénoch wrote:
> Hello,
>
> I've a samba 3.0.24 and a share in ext3 with acl.
>
> I've set the following permissions on a file a.txt :
>
> vssamba:/# getfacl /mnt/samba/partage/a.txt
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/samba/partage/a.txt
> # owner: herve
> # group: users
> user::rwx
> group::r--
> other::r--
>
> The rights for share "Partage" are :
>
> [partage]
> comment = blablabla
> path = /mnt/samba/partage
> public = yes
> writable = yes
> directory mask = 0744
> create mask = 0744
> security mask = 0744
> force security mode = 0
> directory security mask = 0744
> force directory security mode = 0
>
> BUT, a user in "others" can delete the file from Windows XP !!!!
> What have I missed ?
>

What are the permissions on the parent directory? Deleting a file doesn't require permission to write to the file; it is a change to the directory...

~/test$ ls -la
total 8
drwxr-xr-x 2 user group 4096 2008-02-14 08:09 ./
drwxr-xr-x 17 user group 4096 2008-02-14 08:09 ../
~/test$ touch asdf
~/test$ chmod 000 asdf
~/test$ rm -f asdf
~/test$ touch asdf
~/test$ chmod 555 ./
~/test$ rm -f asdf
rm: cannot remove `asdf': Permission denied
~/test$ touch ./zxcv
touch: cannot touch `./zxcv': Permission denied

As you can see, removing all permissions from asdf doesn't prevent me from deleting it (although I wouldn't be able to modify it); it is the write permission on the parent directory that controls whether or not I can create or delete files.

*Michael Heydon - IT Administrator*
michaelh@jaswin.com.au
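
The check described in the reply above, as an added example that is not part of the original thread: it walks a share path and lists files that "other" cannot write but can still delete because of the parent directory's mode. It goes beyond the reply by also honouring the sticky bit, which restricts deletion to the file or directory owner. The function names and the sample tree are constructed for illustration, and only classic mode bits are inspected (extended ACL entries are an assumption left to getfacl).

```shell
#!/bin/sh
# Added example, not code from the thread.

# Print files that "other" cannot write yet can still delete: their parent
# directory grants o+w and o+x (needed to unlink an entry) and does not
# carry the sticky (restricted deletion) bit.
# Assumption: only mode bits are checked, not extended ACL entries.
deletable_by_other() {
    find "$1" -type d -perm -0003 ! -perm -1000 \
        -exec find {} -mindepth 1 -maxdepth 1 -type f ! -perm -0002 \;
}

# Constructed sample tree: three directories that differ only in the
# parent's mode; every file is rwxr--r-- like a.txt in the question.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/open" "$t/sticky" "$t/closed"
    touch "$t/open/a.txt" "$t/sticky/b.txt" "$t/closed/c.txt"
    chmod 0744 "$t/open/a.txt" "$t/sticky/b.txt" "$t/closed/c.txt"
    chmod 0777 "$t/open"     # o+w, no sticky: anyone can delete a.txt
    chmod 1777 "$t/sticky"   # o+w with sticky: only the owners can delete
    chmod 0755 "$t/closed"   # no o+w: "other" cannot create or delete
    printf '%s\n' "$t"
}

# Usage: pass the share path (e.g. the "path =" value of the share);
# with no argument the constructed sample tree is scanned instead.
if [ "$#" -gt 0 ]; then
    deletable_by_other "$1"
else
    sample=$(make_sample_tree) && deletable_by_other "$sample"
    rm -rf "$sample"
fi
```

On the sample tree only `open/a.txt` is reported; the same file mode under the sticky or non-writable directory is not.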