[Gllug] Getting required read / write / access permissions

Philip Hands phil at hands.com
Wed Apr 6 12:19:59 UTC 2011


On Wed, 6 Apr 2011 12:37:52 +0100, Bruce Richardson <itsbruce at workshy.org> wrote:
> On Wed, Apr 06, 2011 at 11:49:00AM +0100, Philip Hands wrote:
> > On Wed, 6 Apr 2011 10:00:18 +0100, Bruce Richardson <itsbruce at workshy.org> wrote:
> > > On Wed, Apr 06, 2011 at 09:40:04AM +0100, Chris Bell wrote:
> > ...
> > > > Individual users need to be able to create sub-directories and
> > > > new files. [ snip ] It would be best if shared files can not be
> > > > deleted once created.
> > > 
> > > That last bit is simply not possible.  If users have sufficient
> > > permissions to create files, they have sufficient to delete them.
> > 
> > While that may be true from the unix file system point of view, you can
> > do it in samba, as shown in this thread:
> > 
> >   http://lists.samba.org/archive/samba/2008-September/143599.html
> 
> If ownership of the files is forced to a special user other than the
> creating user and group ownership to a shared group, that will work *as
> long as* nobody is accessing the filesystem by any method other than
> Samba.  However, it will break some commonly-used Windows applications
> when they find they can't rename files they just created.  If the owning
> UID isn't changed, then the original creator of the file will be still
> able to delete it.

You appear to be criticising the other solution mentioned, whereas the
one you quote is making use of ACLs via setfacl.  The point about failed
renames is probably valid either way, unless one provides the right to
delete via some sort of pattern match -- can 'doze not be encouraged to
write the temporary files to a scratch area before renaming them?

Cheers, Phil.
-- 
|)|  Philip Hands [+44 (0)20 8530 9560]    http://www.hands.com/
|-|  HANDS.COM Ltd.                    http://www.uk.debian.org/
|(|  10 Onslow Gardens, South Woodford, London  E18 1NE  ENGLAND