
Mick 11-23-2007 06:56 PM

Finely tuning access permissions (in Samba)
 
Hi All,

I am trying to set up access permissions for a Samba file server and have so
far done this much:

chmod -R ug+rwxs,o-r+x /data

The three MS Windows users on the server (george, viki & cad) can all create
files and delete their own, but cannot delete a file that they have not
created themselves. I want to make (only) george able to delete files that
he has not created himself. How can I achieve that, without using ACLs - I
will be setting up some tar, or rsync based back-up policy which I think does
not retain POSIX ACLs.
--
Regards,
Mick

Dan Farrell 11-26-2007 05:23 PM

On Fri, 23 Nov 2007 19:56:59 +0000
Mick <michaelkintzios@gmail.com> wrote:

> Hi All,
>
> I am trying to set up access permissions for a Samba file server and
> have so far done this much:
>
> chmod -R ug+rwxs,o-r+x /data
>
> The three MS Windows users on the server (george, viki & cad) can all
> create files and delete their own, but cannot delete a file that they
> have not created themselves. I want to make (only) george able to
> delete files that he has not created himself. How can I achieve
> that, without using ACLs - I will be setting up some tar, or rsync
> based back-up policy which I think does not retain POSIX ACLs.

What you're seeing sounds like the functionality of the sticky bit on a
directory. If that is the case (it is operating behind Samba, if so),
perhaps this blip from Wikipedia will be useful.

http://en.wikipedia.org/wiki/Sticky_bit :
| The most common use of the sticky bit today is on directories, where,
| when set, items inside the directory can be renamed or deleted only by
| the item's owner, the directory's owner, or the superuser (Without the
| sticky bit set, a user with write and execute permissions for the
| directory can rename or delete any file inside, regardless of the
| file's owner.)

Combining this idea with the Unix filesystem permissions concept, I
would say make george the owner of the directory. The sticky bit isn't
very flexible in that the group of the directory can't overwrite
the files in that directory if the sticky bit is set.

Good luck.
--
gentoo-user@gentoo.org mailing list
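
An added example, not part of the thread: a shell sketch of the suggestion above (one user owns the directories, sticky bit set) that goes slightly further by walking subdirectories, since the sticky bit applies per directory. The function names `apply_policy` and `audit_policy` are hypothetical; the demo runs on a constructed temporary tree with the current UID standing in for george, and on a real share you would pass `/data` and `george` as root.

```shell
#!/bin/sh
# Added example (not from the thread); names below are illustrative.

# Give every directory under $1 to owner $2 and set the sticky bit on it.
# Chowning to a different user requires root.
apply_policy() {
    find "$1" -type d -exec chown "$2" {} + -exec chmod +t {} +
}

# Print directories under $1 that break the policy:
#   - sticky bit missing: anyone with write access to the directory can
#     delete or rename files they do not own
#   - not owned by $2: that user loses the directory-owner exemption
# Returns 0 (and prints nothing) when every directory complies.
audit_policy() {
    bad=$(find "$1" -type d \( ! -perm -1000 -o ! -user "$2" \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Demo on a constructed temporary tree; the current UID stands in for george.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/projects/drawings"
    chmod 770 "$root" "$root/projects" "$root/projects/drawings"
    owner=$(id -u)
    echo "non-compliant directories before:"
    audit_policy "$root" "$owner" || true
    apply_policy "$root" "$owner"
    echo "non-compliant directories after:"
    audit_policy "$root" "$owner" && echo "(none)"
    rm -rf "$root"
}
demo
```

Files keep their own owners under this scheme; only directory ownership and the sticky bit change, so a tar or rsync backup that preserves ordinary mode bits and owners retains the policy.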

