[ILUG] Filesystem ACLs versus permissions in smb.conf
Gavin McCullagh
gmccullagh at gmail.com
Sat Dec 4 09:44:54 GMT 2010
Hi,
On Sat, 04 Dec 2010, Paul Murray wrote:
> Yet, as I found out today, if you sftp a file into a samba share as
> root, the samba user can only access it readonly! Seems to support
> Lisa's assertion that filesystem permissions will overide samba's
> acls.
As I understand it:
Samba usually translates between CIFS and unix ACLs. So, if you set
permissions on the filesystem, it's not that they over-ride the samba ACLs,
it's that they are the ACLs. If you set read access on a windows
workstation, samba will set that ACL on the filesystem. The trouble is
that the three bits (rwx) on a unix filesystem aren't sufficient to store
the full details of Windows ACLs. For example, you can't really store the
delete ACL, on a samba+unix filesystem (though in principal if you used an
NTFS filesystem on linux, you should be able to).
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id2614541
This all assumes you have ACL support enabled on your filesystem. If you
don't, you can only have one user and group ACL.
Gavin
More information about the ILUG
mailing list