By Date:	<-- -->
By Thread:	<-- -->

write list, read list, admin list does not work as expected

From: "Voelz Alexander" <Alexander.Voelz (at) P7S1Produktion.de>
Date: Thu, 4 Jan 2007 15:44:50 +0100

Dear group,

my understanding on how read, write and admin access of a share work,
differs from what I observe4.

What I understood from the documentation is that
*	if there's a read list the users in this list have ONLY read
access, no matter what the unix file/dir bits say
*	the read list ist superceded by the write list. Users can write
IF the underlying unix-FS permits it.
*	admin users have rw-access to every-file, no matter who the
owner is.

I am asking, because what I want is
*	Group A with admin access, so they can delete ALL files, no
matter who created them,
*	Group W with write access, with every user able to create files,
and able to delete his own, only,
*	Group R with read-only access. These users should only be able
to SEE what the others wrote.

In my samba-config it says:
*	write list   =  (at) W
*	admin users  =  (at) A
*	read list    =  (at) R
*	force create mode = 775
*	force directory mode = 755 # default

I have a directory which has the unix bits 777:
*	drwxrwxrwx+ 2 vjuser vjusers 8192 Jan  4 10:32 Archive

But smbcacls says:
	> smbcacls //serverA/share Archive -U "DOMAIN/vo03a"
	OWNER:serverA\vjuser
	GROUP:serverA\vjusers
	ACL:DOMAIN\W:ALLOWED/3/READ
	ACL:DOMAIN\A:ALLOWED/3/FULL
	ACL:DOMAIN\R:ALLOWED/3/READ
	ACL:serverA\vjuser:ALLOWED/0/FULL
	ACL:serverA\vjusers:ALLOWED/0/READ
	ACL:\Everyone:ALLOWED/0/FULL
	ACL:\CREATOR OWNER:ALLOWED/11/FULL
	ACL:\CREATOR GROUP:ALLOWED/11/READ
	ACL:\Everyone:ALLOWED/11/


And I can't change this with smbcacls:

vo03a is Member of A:
	> getent group A
	
A:x:16782746:xx55x,ha06t,vo03a,ju02i,bri0002k,pos0002s,kn01r,ni05s

xxx0422z is Member of W:
	> getent group W
	W:x:16782751:xxx0422z

Did I at least understand the purpose of the different lists right?
Anyone with experience using these lists?

I don't think it matters, but the domain is a win2000SP1 domain, serverA
is just samba, no domain function. The groups are defined at domain
Level, as the users are.

Any advice is appreciated.

Regards,
Alexander
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Prev by Date: Samba and multiple ADS auth servers. RTFM ? Or NA ?
Next by Date: AW: users via winbind and using (at) group in smb.conf
Previous by thread: Samba and multiple ADS auth servers. RTFM ? Or NA ?
Next by thread: Samba FAST upload, SLOW download?!
Index(es):
- Main
- Thread