From: Jeremy Allison on
On Wed, May 19, 2010 at 04:41:01PM +0200, Krigler Pavol wrote:
> Hello,
>
> I have noticed some ACL issues with files and directories. I use samba
> server 3.0.33 on CentOS 4.8 joined to a Windows 2003 domain. Everything
> works fine, all users are authenticated to the domain controller. My aim is
> to give FULL ACCESS (open/read/write/rename/delete..) to directory
> "testdir" to two users, john and mark, without using groups because I
> have no permissions on the domain controller (only add server to domain).
> Permissions of "testdir":
>
> getfacl testdir
> # file: testdir
> # owner: techadmin
> # group: root
> user::rwx
> user:john:rwx
> user:mark:rwx
> group::rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:john:rwx
> default:user:mark:rwx
> default:mask::rwx
> default:other::---
>
> The problem is that users john and mark have rwx permissions; they are
> able to create and modify a file but _not_ delete or rename the file
> under "testdir". Only the owner of the directory "testdir" - user techadmin -
> is able to delete/rename files under the directory. As far as I know, only
> the owner of the upper-level directory can delete or rename file(s). The
> question is: how is it possible to allow both users to delete/modify files
> under the "testdir" directory without using (domain) groups?
> Filesystem ext3 is mounted with ACL options, SELinux enabled, audit.log
> has no deny entries, and the configuration of samba is the following:

I think you also want "dos filemode = yes"
and also possibly "acl group control = yes".

Jeremy
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Krigler Pavol on
On 05/19/2010 06:06 PM, Jeremy Allison wrote:
> On Wed, May 19, 2010 at 04:41:01PM +0200, Krigler Pavol wrote:
>> Hello,
>>
>> I have noticed some ACL issues with files and directories. I use samba
>> server 3.0.33 on CentOS 4.8 joined to a Windows 2003 domain. Everything
>> works fine, all users are authenticated to the domain controller. My aim is
>> to give FULL ACCESS (open/read/write/rename/delete..) to directory
>> "testdir" to two users, john and mark, without using groups because I
>> have no permissions on the domain controller (only add server to domain).
>> Permissions of "testdir":
>>
>> getfacl testdir
>> # file: testdir
>> # owner: techadmin
>> # group: root
>> user::rwx
>> user:john:rwx
>> user:mark:rwx
>> group::rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:john:rwx
>> default:user:mark:rwx
>> default:mask::rwx
>> default:other::---
>>
>> The problem is that users john and mark have rwx permissions; they are
>> able to create and modify a file but _not_ delete or rename the file
>> under "testdir". Only the owner of the directory "testdir" - user techadmin -
>> is able to delete/rename files under the directory. As far as I know, only
>> the owner of the upper-level directory can delete or rename file(s). The
>> question is: how is it possible to allow both users to delete/modify files
>> under the "testdir" directory without using (domain) groups?
>> Filesystem ext3 is mounted with ACL options, SELinux enabled, audit.log
>> has no deny entries, and the configuration of samba is the following:
>
> I think you also want "dos filemode = yes"
> and also possibly "acl group control = yes".
>
> Jeremy

Thank you Jeremy, these options are also good for me but they did not help
me. I hope there is some solution for me to "bypass" the standard
unix behaviour that only the owner of the directory is able to delete/rename
files under this directory without using groups.

Thanks,

Pavol
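
An added example, not part of the original thread: a small evaluator for the POSIX.1e access check, run against the getfacl output posted above, to see which rights the kernel-level ACL gives a named user for removing or renaming an entry in "testdir" (write plus search on the directory). The function names and the `sticky`/`file_owner` parameters are assumptions of this sketch; root and Samba-level checks are not modeled.

```python
POSTED_ACL = """\
# file: testdir
# owner: techadmin
# group: root
user::rwx
user:john:rwx
user:mark:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
"""  # access entries as posted in the thread; default: lines are skipped

def parse_getfacl(text):
    """Parse owner, owning group and access entries from getfacl output."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("# owner:", "# group:")):
            acl[line[2:7]] = line.split(":", 1)[1].strip()  # key "owner"/"group"
        elif line and not line.startswith(("#", "default:")):
            tag, qual, perms = line.split(":")[:3]
            acl["entries"].append((tag, qual, set(perms[:3]) - {"-"}))
    return acl

def access_allowed(acl, user, groups, want):
    """POSIX.1e order: owner, named user, groups, other; mask caps the middle two."""
    want, ent = set(want), acl["entries"]
    mask = next((p for t, q, p in ent if t == "mask"), None)
    eff = (lambda p: p) if mask is None else (lambda p: p & mask)
    if user == acl["owner"]:  # owner entry is never masked
        return want <= next(p for t, q, p in ent if t == "user" and q == "")
    named = [p for t, q, p in ent if t == "user" and q == user]
    if named:
        return want <= eff(named[0])
    matched = [p for t, q, p in ent if t == "group" and (q or acl["group"]) in groups]
    if matched:  # one matching group entry must grant everything requested
        return any(want <= eff(p) for p in matched)
    return want <= next(p for t, q, p in ent if t == "other")

def can_remove_entry(acl, user, groups, sticky=False, file_owner=None):
    """Unlink/rename needs w+x on the directory; sticky bit adds an owner test."""
    if sticky and user not in (acl["owner"], file_owner):
        return False
    return access_allowed(acl, user, groups, "wx")
```
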