Stefan G. Weichinger
2018-Aug-28 16:41 UTC
[Samba] Renaming a folder while other smbd-users have files opened
Am 28.08.18 um 18:16 schrieb Ralph Böhme:> On Tue, Aug 28, 2018 at 04:37:51PM +0200, Stefan G. Weichinger via samba > wrote: >> why does that work? why isn't that blocked/forbidden/not allowed? > > because you didn't know of the "strict rename" parameter which defaults > to false for reasons explained in the manpage. :)thanks for the pointer, read the section right now and it sounds valid ... although I still wonder if I can avoid having users do that by setting ACLs? Is it possible to allow them read/write "Daten/client[abc]" but not rename "Daten", for example? It happened for the first time since over 16 yrs or so, to be fair ;-)
Rowland Penny
2018-Aug-28 17:00 UTC
[Samba] Renaming a folder while other smbd-users have files opened
On Tue, 28 Aug 2018 18:41:18 +0200 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 28.08.18 um 18:16 schrieb Ralph Böhme: > > On Tue, Aug 28, 2018 at 04:37:51PM +0200, Stefan G. Weichinger via > > samba wrote: > >> why does that work? why isn't that blocked/forbidden/not allowed? > > > > because you didn't know of the "strict rename" parameter which > > defaults to false for reasons explained in the manpage. :) > > thanks for the pointer, read the section right now and it sounds > valid ... although I still wonder if I can avoid having users do that > by setting ACLs? > > Is it possible to allow them read/write "Daten/client[abc]" but not > rename "Daten", for example? > > It happened for the first time since over 16 yrs or so, to be fair ;-) > >I have never tried it, but you could probably do it, if you use Windows ACL's, where there is 'delete subfolders & files' and you can deny this. You would probably have to ignore the Unix attrs with 'acl_xattr:ignore system acls = yes' Rowland
Stefan G. Weichinger
2018-Aug-28 17:05 UTC
[Samba] Renaming a folder while other smbd-users have files opened
Am 28.08.18 um 19:00 schrieb Rowland Penny via samba:> I have never tried it, but you could probably do it, if you use Windows > ACL's, where there is 'delete subfolders & files' and you can deny this. > You would probably have to ignore the Unix attrs with 'acl_xattr:ignore > system acls = yes'We will test that with a separate testing share asap. Thanks.