Jack Bates
2012-May-30 05:21 UTC
[Samba] Prevent Samba clients from changing group ownership?
How can I prevent Samba clients from changing the group ownership of files? With the security mask parameter I can prevent Samba clients from changing some permission bits, but I can't find a parameter to prevent changing the group ownership
Jeremy Allison
2012-Jun-05 16:46 UTC
[Samba] Prevent Samba clients from changing group ownership?
On Tue, May 29, 2012 at 10:21:23PM -0700, Jack Bates wrote:> How can I prevent Samba clients from changing the group ownership of files? > > With the security mask parameter I can prevent Samba clients from > changing some permission bits, but I can't find a parameter to > prevent changing the group ownershipI don't think we currently can do this.
Dirk Traenapp
2012-Jun-06 06:47 UTC
[Samba] Prevent Samba clients from changing group ownership?
Hi,
do i understand you correctly that you have a folder/share with a preferred
default group and all users have a different default group for themselves and
you need that all files in the destination folder of the share belongs to the
default group of the folder and not the user?
If this is the goal you can do this whith g+s on the folder. We do this for our
workgroupshares.
Example:
=======Our share for all workgroups in the company in smb.conf
[zdv]
path = /mnt/share/zdv
valid users = @dom?nen-benutzer, @dom?nen-admins
read only = No
directory mask = 0770
create mask = 0770
guest ok = false
inherit acls = Yes
inherit permissions = No
hide unreadable = Yes
Now the UNIX-Rights for some of the folders:
[root at file1 zdv]# ll -d *BD*
drwxrws---+ 5 root nwo-bd-leiter 4096 21. Feb 08:31 NWO-BD-Leiter
drwxrws---+ 79 root nwo-bd 4096 6. Jun 08:23 NWO-BD
.. and the ACL's
[root at file1 zdv]# getfacl NWO-BD
# file: NWO-BD
# owner: root
# group: nwo-bd
user::rwx
group::rwx
group:dom?nen-admins:rwx
group:nwo-bd:rwx
group:nwo-b-leiter:rwx
group:nwo-bd-leiter:rwx
group:ausbildung-bd:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:dom?nen-admins:rwx
default:group:dom?nen-benutzer:rwx
default:group:nwo-bd:rwx
default:group:nwo-b-leiter:rwx
default:group:nwo-bd-leiter:rwx
default:group:ausbildung-bd:rwx
default:mask::rwx
default:other::r-x
That is my user:
[root at file1 NWO-BD]# id tr
uid=2103(tr) gid=1513(dom?nen-benutzer)
Gruppen=1513(dom?nen-benutzer),2418(dcapturebatch),2120(nwo-bd),2427(estos-user),2417(gis-user),2157(nwo-b),2191(nwo-bd-leiter)
With this configuration i can force every new folder or file belonging to
default-group of the parent folder.
Mit freundlichen Gr??en / Kind regards
Dirk Traenapp
Datenverarbeitung
Nord-West Oelleitung GmbH
Zum ?lhafen 207
26384 Wilhelmshaven
Tel: +49 (0)4421 62-364
Fax: +49 (0)4421 62-221
Mobil: +49 (0)160 90522467
Web: www.nwowhv.de
--------------------------------------------------------------------------------
Gesch?ftsf?hrer: Dr.-Ing. J?rg Niegsch, Wilhelmshaven - Lars Bergmann, Hamburg |
Eingetragen beim Amtsgericht Oldenburg unter HRB 130002