On Fri, Aug 12, 2016 at 11:20:47AM -0500, Sergei Gerasenko via samba wrote:> It looks like this is a long known issue: > > https://bugzilla.samba.org/show_bug.cgi?id=10792If by long known you mean "as designed". As Samba supports ACL setting on files/directories we don't restrict what happens to them after creation. For creation you can set "create mask" and "directory mask" but the client can change it afterwards.
Am 12.08.2016 um 18:57 schrieb Jeremy Allison via samba:> On Fri, Aug 12, 2016 at 11:20:47AM -0500, Sergei Gerasenko via samba wrote: >> It looks like this is a long known issue: >> >> https://bugzilla.samba.org/show_bug.cgi?id=10792 > > If by long known you mean "as designed". As Samba supports > ACL setting on files/directories we don't restrict what > happens to them after creation. > > For creation you can set "create mask" and "directory mask" > but the client can change it afterwardswell, an option to igore that clients wish (and the same for the normal unix permissions) would be nice because Apple stuff tends to trying be smarter than the admin which knows how permissions have to look like so that all users which needs access have it and that is often *exatly* as the sharepoint with no exception because access to shares is granted by asign users to specific group*s* -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20160812/742a7d08/signature.sig>
On Fri, Aug 12, 2016 at 07:27:00PM +0200, Reindl Harald via samba wrote:> > > Am 12.08.2016 um 18:57 schrieb Jeremy Allison via samba: > >On Fri, Aug 12, 2016 at 11:20:47AM -0500, Sergei Gerasenko via samba wrote: > >>It looks like this is a long known issue: > >> > >>https://bugzilla.samba.org/show_bug.cgi?id=10792 > > > >If by long known you mean "as designed". As Samba supports > >ACL setting on files/directories we don't restrict what > >happens to them after creation. > > > >For creation you can set "create mask" and "directory mask" > >but the client can change it afterwards > > well, an option to igore that clients wish (and the same for the > normal unix permissions) would be nice because Apple stuff tends to > trying be smarter than the admin which knows how permissions have to > look like so that all users which needs access have it > > and that is often *exatly* as the sharepoint with no exception > because access to shares is granted by asign users to specific > group*s*We used to have that. Was called "security mask" and "directory security mask". It got removed as there was no way to differentiate between the "create" action and "modify permissions" action at the level below the VFS.