samba:
I am attempting to set up a "group share" directory on Debian "Wheezy"
where any user can create or place files and directories, and every
other user has full access to those files and directories. The
directory will be accessed both locally and via Samba.
Here is my Linux, distribution, and file system info:
$ cat /proc/version
Linux version 3.2.0-4-amd64 (debian-kernel at lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.46-1+deb7u1
$ cat /etc/debian_version
7.1
$ grep /mnt/z /proc/mounts
/dev/mapper/data3000 /mnt/z ext4 rw,relatime,user_xattr,barrier=1,data=ordered 0 0
STFW I found a post for Samba only, but I need this to work for local
access too:
http://www.mail-archive.com/samba at lists.samba.org/msg88752.html
STFW I found various posts with partial solutions based on Unix groups,
directory permissions, the group sticky bit, and default ACLs:
http://brunogirin.blogspot.com/2010/03/shared-folders-in-ubuntu-with-setgid.html
http://techslaves.org/2010/04/23/posix-default-acls-umask-and-project-directories/
Here is a Bourne shell script that implements a partial solution:
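#!/bin/sh
set -o nounset
set -o errexit
DIR=/mnt/z/data/GroupShare
USERNAME=groupshare
# Remove any previous system user, group, and directory so the script can be re-run.
if grep -q "^$USERNAME:" /etc/passwd; then deluser --system "$USERNAME"; fi
if grep -q "^$USERNAME:" /etc/group; then delgroup --system "$USERNAME"; fi
if [ -d "$DIR" ]; then rm -rf "$DIR"; fi
# Create the system user and matching group that own the share.
adduser --system --group --no-create-home "$USERNAME"
mkdir "$DIR"
chown "$USERNAME:$USERNAME" "$DIR"
# World-writable, with setgid so new entries inherit the directory's group.
chmod 0777 "$DIR"
chmod g+s "$DIR"
# Default ACL inherited by files and directories created inside the share.
setfacl -m d:u::rwx,d:g::rwx,d:o::rwx,d:m:rwx "$DIR"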
Running the script gives me a directory with the following ACL settings:
$ getfacl /mnt/z/data/GroupShare
getfacl: Removing leading '/' from absolute path names
# file: mnt/z/data/GroupShare
# owner: groupshare
# group: groupshare
# flags: -s-
user::rwx
group::rwx
other::rwx
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::rwx
The directory works as intended if users create files and directories --
e.g. the GroupShare default ACL is applied to the new files and directories:
$ touch /mnt/z/data/GroupShare/foo
$ mkdir /mnt/z/data/GroupShare/bar
$ ll /mnt/z/data/GroupShare
total 12
drwxrwsrwx+ 3 groupshare groupshare 4096 2013/09/09 16:19:27 ./
drwxr-xr-x 7 root root 4096 2013/09/09 16:18:51 ../
drwxrwsrwx+ 2 dpchrist groupshare 4096 2013/09/09 16:19:27 bar/
-rw-rw-rw-+ 1 dpchrist groupshare 0 2013/09/09 16:19:20 foo
However, the directory doesn't work as intended if users copy or move
files or directories:
$ touch foo2
$ cp foo2 /mnt/z/data/GroupShare/.
$ touch foo3
$ mv foo3 /mnt/z/data/GroupShare/.
$ mkdir bar2
$ cp -R bar2 /mnt/z/data/GroupShare/.
$ mkdir bar3
$ mv bar3 /mnt/z/data/GroupShare/.
$ ll /mnt/z/data/GroupShare/
total 20
drwxrwsrwx+ 5 groupshare groupshare 4096 2013/09/14 23:36:02 ./
drwxr-xr-x 7 root root 4096 2013/09/09 16:18:51 ../
drwxrwsrwx+ 2 dpchrist groupshare 4096 2013/09/09 16:19:27 bar/
drwxr-sr-x 2 dpchrist dpchrist 4096 2013/09/14 23:34:32 bar2/
drwxr-sr-x 2 dpchrist dpchrist 4096 2013/09/14 23:35:04 bar3/
-rw-rw-rw-+ 1 dpchrist groupshare 0 2013/09/09 16:19:20 foo
-rw-r--r-- 1 dpchrist dpchrist 0 2013/09/14 23:35:50 foo2
-rw-r--r-- 1 dpchrist dpchrist 0 2013/09/14 23:35:58 foo3
Observe that the group ownership is incorrect, the permission bits are
incorrect, and the ACL is missing for the copied and moved files and
directories.
Has anybody found a solution to this problem?
TIA,
David
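
An added example, not part of the original post: a small audit that lists entries under a share whose group or permission bits differ from what the script above sets up, as foo2, foo3, bar2 and bar3 do in the listing. The function names audit_share and demo_audit are hypothetical, the demo tree is constructed, and the check covers mode bits and group only, not ACL entries.

```shell
#!/bin/sh
# Added example: report entries under a share that drifted from the intended
# group and permission bits. Checks mode bits and group only, not ACL entries.

# audit_share DIR
# Prints every path below DIR that
#   - is not owned by DIR's group, or
#   - is a directory without setgid + rwxrwxrwx (2777), or
#   - is a regular file without rw for user, group and other (0666).
audit_share() {
    dir=$1
    # Numeric GID of the share root; field 4 of "ls -ldn".
    gid=$(ls -ldn "$dir" | awk '{print $4}')
    find "$dir" -mindepth 1 \( \
        ! -group "$gid" \
        -o -type d ! -perm -2777 \
        -o -type f ! -perm -0666 \
    \) -print
}

# demo_audit: builds a constructed tree that mirrors the listing in the post
# (foo created in place, foo2 and bar2 arriving with 0644 and 0755),
# audits it, and prints the flagged names relative to the share root.
demo_audit() {
    share=$(mktemp -d)
    chmod 2777 "$share"
    touch "$share/foo";  chmod 0666 "$share/foo"
    touch "$share/foo2"; chmod 0644 "$share/foo2"
    mkdir "$share/bar2"; chmod 0755 "$share/bar2"
    audit_share "$share" | sed "s|^$share/||" | sort
    rm -rf "$share"
}
```

Run against the real share as `audit_share /mnt/z/data/GroupShare`; on a world-writable directory this is a useful periodic check, since any entry it prints is one other users cannot modify.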