Jonathan Szalavecz
2024-Oct-23 22:08 UTC
[Samba] Optimal File Permissions for Shared Access Between Windows and Linux
Hi Rowland,

I've been working with the ACLs, and everything looks good! It seems I can now proceed with your Samba configuration.

[global]
   min protocol = SMB3
## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = WORKGROUP
   vfs objects = catia fruit streams_xattr acl_xattr
   fruit:delete_empty_adfiles = yes
   fruit:metadata = stream
   fruit:nfs_aces = no
   fruit:veto_appledouble = no
   fruit:wipe_intentionally_left_blank_rfork = yes
   map acl inherit = Yes

[NAS]
   comment = RaspberryPi
   path = /mnt/shared
   read only = no

[DatabaseShare]
   comment = Database File Share
   path = /mnt/shared/partage_de_fichiers
   read only = no

Here are a few examples of the ACLs:

The directory I need to share with my wife

# file: mnt/shared/partage_de_fichiers
# owner: john_johnk
# group: sharedaccess
# flags: -s-
user::rwx
group::rwx
other::---

A utility directory
file: mnt/shared/Utilitaires PC
# owner: john_johnk
# group: john_johnk
user::rwx
group::---
other::---

A db file

# file: mnt/shared/Database.kdbx
# owner: john_johnk
# group: john_johnk
user::rw-
group::---
other::---

The overall /mnt/shared
# file: mnt/shared
# owner: john_johnk
# group: sharedaccess
user::rwx
user:john_johnk:rwx
group::rwx
mask::rwx
other::---

Let me know if you need any further adjustments!

Best,
John

On 10/21/2024 at 10:49 AM, Rowland Penny via samba wrote:
> Sorry about that, I missed that out, try this one:
>
> [global]
>    workgroup = WORKGROUP
>    vfs objects = catia fruit streams_xattr
>    fruit:delete_empty_adfiles = yes
>    fruit:metadata = stream
>    fruit:nfs_aces = no
>    fruit:veto_appledouble = no
>    fruit:wipe_intentionally_left_blank_rfork = yes
>
> [NAS]
>    comment = RaspberryPi
>    path = /mnt/shared
>    read only = no
>    create mask = 0600
>    directory mask = 0700
>
> [DatabaseShare]
>    comment = Database File Share
>    path = /mnt/shared/partage_de_fichiers
>    read only = no
>    create mask = 0660
>    directory mask = 0770
>    force group = sharedaccess
>    force create mode = 0660
>
> The major problem people have with Samba is that they say it is hard to configure, all those parameters to set, totally missing that mostly they are setting defaults that do not need to be manually set.
> You also may find it easier if you also install the acl and attr packages (they may be already installed) and use acl_xattr, so that:
>
> vfs objects = catia fruit streams_xattr
>
> Becomes:
>
> vfs objects = catia fruit streams_xattr acl_xattr
> map acl inherit = Yes
>
> Then read up on setfacl and getfacl. These will allow you to set finer control on your directories and files.
> You would then not require the 'create', 'directory' & 'force' lines.
>
> Rowland
Jonathan Szalavecz
2024-Oct-24 13:55 UTC
[Samba] Optimal File Permissions for Shared Access Between Windows and Linux
I thought with the ACL it would be easier but it is the same nightmare :-(

john_johnk@raspberrypi:~ $ getfacl /mnt/shared/partage_de_fichiers
getfacl: Removing leading '/' from absolute path names
# file: mnt/shared/partage_de_fichiers
# owner: john_johnk
# group: sharedaccess
# flags: -s-
user::rwx
group::rwx
other::---
default:user::rw-
default:group::rw-
default:group:sharedaccess:rw-
default:mask::rw-
default:other::---

but when I create a file from DatabaseShare ...the group is wrong and I have the x execution which comes from nowhere :-(

john_johnk@raspberrypi:~ $ ls -l /mnt/shared/partage_de_fichiers
total 102120
-rw-rwx---+ 1 john_johnk john_johnk  73979 Oct 10  2016 'Facture RAM_2.pdf'
-rw-rwx---+ 1 john_johnk john_johnk 125627 Dec  2  2021 'Facture Tennis RNS21.pdf'

On 10/24/2024 at 12:08 AM, Jonathan Szalavecz via samba wrote:
> Hi Rowland,
>
> I've been working with the ACLs, and everything looks good! It seems I
> can now proceed with your Samba configuration.
>
> [global]
>    min protocol = SMB3
> ## Browsing/Identification ###
>
> # Change this to the workgroup/NT-domain name your Samba server will
> part of
>    workgroup = WORKGROUP
>    vfs objects = catia fruit streams_xattr acl_xattr
>    fruit:delete_empty_adfiles = yes
>    fruit:metadata = stream
>    fruit:nfs_aces = no
>    fruit:veto_appledouble = no
>    fruit:wipe_intentionally_left_blank_rfork = yes
>    map acl inherit = Yes
>
> [NAS]
>    comment = RaspberryPi
>    path = /mnt/shared
>    read only = no
>
> [DatabaseShare]
>    comment = Database File Share
>    path = /mnt/shared/partage_de_fichiers
>    read only = no
>
> Here are a few examples of the ACLs:
>
> The directory I need to share with my wife
>
> # file: mnt/shared/partage_de_fichiers
> # owner: john_johnk
> # group: sharedaccess
> # flags: -s-
> user::rwx
> group::rwx
> other::---
>
> A utility directory
> file: mnt/shared/Utilitaires PC
> # owner: john_johnk
> # group: john_johnk
> user::rwx
> group::---
> other::---
>
> A db file
>
> # file: mnt/shared/Database.kdbx
> # owner: john_johnk
> # group: john_johnk
> user::rw-
> group::---
> other::---
>
> The overall /mnt/shared
> # file: mnt/shared
> # owner: john_johnk
> # group: sharedaccess
> user::rwx
> user:john_johnk:rwx
> group::rwx
> mask::rwx
> other::---
>
> Let me know if you need any further adjustments!
>
> Best,
> John
>
> On 10/21/2024 at 10:49 AM, Rowland Penny via samba wrote:
>> Sorry about that, I missed that out, try this one:
>>
>> [global]
>>    workgroup = WORKGROUP
>>    vfs objects = catia fruit streams_xattr
>>    fruit:delete_empty_adfiles = yes
>>    fruit:metadata = stream
>>    fruit:nfs_aces = no
>>    fruit:veto_appledouble = no
>>    fruit:wipe_intentionally_left_blank_rfork = yes
>>
>> [NAS]
>>    comment = RaspberryPi
>>    path = /mnt/shared
>>    read only = no
>>    create mask = 0600
>>    directory mask = 0700
>>
>> [DatabaseShare]
>>    comment = Database File Share
>>    path = /mnt/shared/partage_de_fichiers
>>    read only = no
>>    create mask = 0660
>>    directory mask = 0770
>>    force group = sharedaccess
>>    force create mode = 0660
>>
>> The major problem people have with Samba is that they say it is hard
>> to configure, all those parameters to set, totally missing that
>> mostly they are setting defaults that do not need to be manually set.
>> You also may find it easier if you also install the acl and attr
>> packages (they may be already installed) and use acl_xattr, so that:
>>
>> vfs objects = catia fruit streams_xattr
>>
>> Becomes:
>>
>> vfs objects = catia fruit streams_xattr acl_xattr
>> map acl inherit = Yes
>>
>> Then read up on setfacl and getfacl. These will allow you to set
>> finer control on your directories and files.
>> You would then not require the 'create', 'directory' & 'force' lines.
>>
>> Rowland
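
An added example (not part of either message, and not Samba code): a model of the POSIX default-ACL inheritance rule from acl(5), applied to the directory ACL posted above, that computes the `ls -l` mode string and group a file created directly in that directory would receive. It does not model Samba's acl_xattr processing; all function names are hypothetical and the sample text is constructed from the post.

```python
import re

# Constructed sample: header and entries taken from the getfacl output posted above.
GETFACL = """\
# group: sharedaccess
# flags: -s-
user::rwx
group::rwx
other::---
default:user::rw-
default:group::rw-
default:group:sharedaccess:rw-
default:mask::rw-
default:other::---
"""

def parse_getfacl(text):
    """Split getfacl text into (header, access entries, default entries)."""
    header, access, default = {}, {}, {}
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.match(r"#\s*(\w+):\s*(.*)", line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        parts = line.split(":")
        tag, qualifier, perms = parts[-3:]
        (default if parts[0] == "default" else access)[(tag, qualifier)] = perms
    return header, access, default

def bits(perms):  # "rw-" -> 6
    return sum(v for c, v in zip(perms, (4, 2, 1)) if c != "-")
def rwx(n):  # 6 -> "rw-"
    return "".join(c if n & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def inherited_file_acl(default, create_mode):
    """acl(5): a new file copies the default ACL, then owner, mask (group if
    there is no mask) and other are ANDed with the requested create mode."""
    acl = dict(default)
    grp = ("mask", "") if ("mask", "") in acl else ("group", "")
    for key, shift in ((("user", ""), 6), (grp, 3), (("other", ""), 0)):
        acl[key] = rwx(bits(acl[key]) & (create_mode >> shift) & 7)
    return acl

def ls_mode(acl):  # ls -l view: the middle triplet is the mask when one exists
    middle = acl.get(("mask", ""), acl[("group", "")])
    return "-" + acl[("user", "")] + middle + acl[("other", "")] + "+"

def new_file_group(header, creator_group):  # setgid dir: files take the dir's group
    return header["group"] if header.get("flags", "---")[1] == "s" else creator_group
```

For this ACL no create mode yields more than `-rw-rw----+` with group `sharedaccess`, so a listing that differs reflects something other than default-ACL inheritance at create time, such as permissions applied after creation or a file moved into the directory.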