BigBeer n00b
Joined: 18 Oct 2004 Posts: 40
Posted: Tue Feb 14, 2006 12:19 am Post subject: Samba, Active Directory, and Permissions [SOLVED]
Ok here is the setup, it might make your head hurt.
I have samba joined to my Active Directory and mapping the AD users with winbind. <- Works good!
I am attempting to make a shared directory that any user can read, but only members of a certain AD security group can write to.
I would like to preserve file ownership so only the user that created the file can write to it.
I also want people to be able to write to a sub dir that anyone creates, but I want to preserve file ownership inside that sub dir.
Examples:
Bob makes a file, Alice can read it.
Only Bob can make changes/del the file.
Bob and Alice can both write to share because they are in the same department.
If Bob makes a folder called "Reports" inside the share, Alice can save file(s) inside the folder, but only she can make changes/del the file(s).
Chuck, who isn't in the same department has read only access to everything.
Clear as mud ??
I have the following in my smb.conf
Code:
[Share Folder]
comment = Folder
create mask = 755
directory mask = 775
path = /mnt/somedir
write list = @DOMAIN+write-group

permissions of /mnt/somedir are
Code:
drwxrwxr-x 4 root DOMAIN+write-group <date> somedir

The correct unix permissions get set on the files and subdirectories, but individual ownership of files amongst the DOMAIN+write-group doesn't work through samba.
A file in the dir looks like:
Code:
-rwxr--r-- DOMAIN+bob DOMAIN+domain users 0 <date> file.txt

Which looks good to me
So.....
Chuck can read everything fine, and can't write.
Alice and Bob can write to sub dirs each creates.
BUT Alice can del Bob's files, and vice-versa.
I suspect it is the "write list" setting in my smb.conf, but for the life of me I can't figure out another way to set it up.
Any thoughts?
--BigBeer
Last edited by BigBeer on Tue Feb 14, 2006 6:15 pm; edited 1 time in total

BigBeer n00b
Joined: 18 Oct 2004 Posts: 40
Posted: Tue Feb 14, 2006 4:41 pm
The strangeness continues....
If I chmod 700 a file in the directory, other users can not read it, but they can still delete it.
Maybe I am missing something in basic unix file permissions for the root directory.

JeliJami Veteran
Joined: 17 Jan 2006 Posts: 1086 Location: Belgium
Posted: Tue Feb 14, 2006 4:46 pm
it doesn't really matter what the permissions of a file are, when it comes to deleting it:
as long as you have write permissions on the directory that holds the file, you can delete it
deleting does not change the file, but it changes the directory
hence, you need write permission on the dir
Former username: davjel

BigBeer n00b
Joined: 18 Oct 2004 Posts: 40
Posted: Tue Feb 14, 2006 6:14 pm
The answer for my situation was the sticky bit.
After I set it to the root directory, and added it to my dir create mask, my permissions acted like I expected.
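
The directory-write rule and the sticky-bit fix discussed in this thread, as an added example that is not part of the original posts: `can_delete` models the Unix check for removing a directory entry, and `dirs_missing_sticky` lists group- or world-writable directories under a path that lack the sticky bit. The uid/gid numbers are constructed, and the model assumes plain mode bits (no ACLs, no capabilities other than root).

```python
import os
import stat
import sys


def can_delete(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Model the Unix unlink check; the file's own mode is never consulted."""
    if uid == 0:
        return True
    # Select the permission class that applies to the caller on the directory.
    if uid == dir_uid:
        perms = (dir_mode >> 6) & 7
    elif dir_gid in gids:
        perms = (dir_mode >> 3) & 7
    else:
        perms = dir_mode & 7
    if (perms & 3) != 3:  # write (2) and search (1) on the directory are required
        return False
    if dir_mode & stat.S_ISVTX:  # sticky bit: only file owner or directory owner
        return uid in (file_uid, dir_uid)
    return True


def dirs_missing_sticky(root):
    """List directories under root writable by group/other without the sticky bit."""
    found = []
    for path, _dirs, _files in os.walk(root):
        mode = os.lstat(path).st_mode
        if mode & (stat.S_IWGRP | stat.S_IWOTH) and not mode & stat.S_ISVTX:
            found.append(path)
    return sorted(found)


if __name__ == "__main__":
    # Constructed ids: bob=1001, alice=1002, chuck=1003, write-group gid=500.
    BOB, ALICE, CHUCK, WGRP = 1001, 1002, 1003, 500
    for mode in (0o775, 0o1775):
        print(oct(mode),
              "alice deletes bob's file:", can_delete(mode, 0, WGRP, BOB, ALICE, {WGRP}),
              "| bob deletes his own:", can_delete(mode, 0, WGRP, BOB, BOB, {WGRP}),
              "| chuck deletes it:", can_delete(mode, 0, WGRP, BOB, CHUCK, set()))
    # Audit a real path (for example a share root) when one is given as argument.
    for path in (dirs_missing_sticky(sys.argv[1]) if len(sys.argv) > 1 else []):
        print("group/world-writable without sticky bit:", path)
```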