LINUX.ORG.RU

Samba: acl, inherit permissions и наследование файлами execute bit

 , ,


0

1

Возможно ли добиться создания файлов с правами 660, включая acl, при включённых inherit acls, inherit owner и inherit permissions, если у родительской директории 750?

map archive = no частично решает проблему — файлам устанавливаются 660, но acl при этом продолжают наследоваться от директории (750).

Вот так примерно это выглядит:

$ getfacl directory/
# file: directory/
# owner: user
# group: user
user::rwx
user:ipetrov:rwx
group::rwx
group:sambashare:r-x
mask::rwx
other::---

$ getfacl directory/file.txt 
# file: directory/file.txt
# owner: user
# group: user
user::rw-
user:ipetrov:rwx
group::rw-
group:sambashare:r-x
mask::rwx
other::---

Текущий smb.conf:

[global]
  read raw = no
  workgroup = WORKGROUP
  netbios name = server
  server string = %h server (Samba, Ubuntu)
  wins support = yes
  name resolve order = wins lmhosts hosts bcast
  dns proxy = no
  log file = /var/log/samba/log.%m
  max log size = 1000
  panic action = /usr/share/samba/panic-action %d
  server role = standalone server
  passdb backend = tdbsam
  obey pam restrictions = yes
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
  pam password change = yes
  map to guest = bad user
  security = user
  map acl inherit = yes
[share]
   path = /home/user/share
   guest ok = no
   browseable = no
   writeable = yes
   map archive = no
   inherit acls = yes
   inherit owner = yes
   inherit permissions = yes
   hide unreadable = yes
   vfs objects = recycle full_audit
   recycle:repository = .recycle/%U
   recycle:directory_mode = 0770
   recycle:versions = Yes
   recycle:touch = yes
   recycle:maxsize = 1048576000
   recycle:exclude = ?~$*, ~$*, ~*, *.bak, *.iso, *.lnk, *.temp, *.tmp, *.TMP, *.vib, *.vb?
   recycle:exclude_dir = tmp,temp,cache
   full_audit:prefix = %u|%I|%m|%S
   full_audit:success = connect disconnect open mkdir rename link unlink rmdir pwrite
   full_audit:failure = none
   full_audit:facility = local7
   full_audit:priority = NOTICE

Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.