From: Krigler Pavol on
Hello,

I have noticed some ACL issues with files and directories. I use Samba
server 3.0.33 on CentOS 4.8, joined to a Windows 2003 domain. Everything
works fine, all users are authenticated to the domain controller. My aim
is to give FULL ACCESS (open/read/write/rename/delete..) to the directory
"testdir" to two users, john and mark, without using groups because I
have no permissions on the domain controller (only add server to domain).
Permissions of "testdir":

getfacl testdir
# file: testdir
# owner: techadmin
# group: root
user::rwx
user:john:rwx
user:mark:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:john:rwx
default:user:mark:rwx
default:mask::rwx
default:other::---

The problem is that users john and mark have rwx permissions; they are
able to create a file and modify it, but _not_ delete or rename the file
under "testdir". Only the owner of the directory "testdir", user
techadmin, is able to delete/rename files under the directory. As far as
I know, only the owner of the upper-level directory can delete or rename
file(s). The question is: how is it possible to allow both users to
delete/modify files under the "testdir" directory without using (domain)
groups?
The ext3 filesystem is mounted with ACL options, SELinux is enabled,
audit.log has no deny entries, and the Samba configuration is as follows:

[global]
workgroup = ad
server string = Intranet
netbios name = IS
follow symlinks=yes
inherit permissions = no
realm = AD.DOMAIN.ORG
server signing = auto
security = ads
password server = 10.20.30.40
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no

[tech]
comment = Technical department
path = /var/opt/intranet/tech
public = yes
writable = yes
create mask = 0664
directory mask = 0775
browseable = yes



Thanks,

Krigler Pavol

