editing ACL

Issues related to configuring your network
pjwelsh
Posts: 2629
Joined: 2007/01/07 02:18:02
Location: Central IL USA

Re: editing ACL

Post by pjwelsh » 2007/01/30 15:17:52

[quote]
kkjensen wrote:
Thanks for the replies.

pjwelsh: I have read about the mask and thought it was just for LIMITING access. For example if the mask is rw- and I have explicit rwx then the mask takes over and knocks me down to rw-. Is it the same for adding permissions? If so, this is exactly what I was looking for. [/quote]

"create mask" is realy synonym for "create mode" for SETTING access. This older thread has always been very useful:
http://lists.samba.org/archive/samba/2003-March/063429.html

[quote]
arrfab: I'm still pretty new at linux...aside from "man " is there somewhere in particular things are docuemented in detail? Searching the web and forums every time proves to be time consuming when I need something as simple as "create mask = 0770" [/quote]

@arrfab is correct, install this web/gui utility WILL be very good for you. So, you (as root) should run "yum -y install samba-swat" and then follow some directions like:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/SWAT.html

But, google will still be your best friend ;)

kkjensen
Posts: 13
Joined: 2007/01/24 18:12:58
Contact:

Re: editing ACL

Post by kkjensen » 2007/01/30 15:43:08

Does SWAT overwrite files? I have heard about it but with the smb.conf file I've put together and people working off of the server now, I didn't dare start tinkering with things as we've already had nearly 3 weeks of downtime since our old server died and the new one was shipped and configured.

I guess I would also need a web server...would that be simply "yum install httpd"? I used the CentOS Server install disk that put on the bare minimum and I remember removing the web server and ftp servers. I only left ssh and samba. I'll test swat on my testrig.

pjwelsh
Posts: 2629
Joined: 2007/01/07 02:18:02
Location: Central IL USA

Re: editing ACL

Post by pjwelsh » 2007/01/30 15:53:54

Yum in actually pretty good at figuring out package dependencies itself. If samba-swat need httpd, then yum will add it to the list for you...

Yes, samba-swat *CAN* overwrite files. It is a gui config file generator after all. I suggest making sure that you have backups (pl) of your /etc/samba dir in case of issue. (but SWAT is realy good at doing the "right" thing).

kkjensen
Posts: 13
Joined: 2007/01/24 18:12:58
Contact:

Re: editing ACL

Post by kkjensen » 2007/01/30 16:08:45

I'll have to wait to test swat...my test machine is a bit busy with a Scalix groupware installation right now.


Where is the best place to find documentation on samba configuration options? I've got it already configured to 99% of what I want...it might be less of a headache to just add what I need and leave it be.

thanks again for the help.

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: editing ACL

Post by gerald_clark » 2007/01/30 16:17:15

You do not need a webserver.
Swat will not save changes unless you click the save changes button.

kkjensen
Posts: 13
Joined: 2007/01/24 18:12:58
Contact:

Re: editing ACL

Post by kkjensen » 2007/01/30 20:36:19

I've installed swat and then realized that I don't have xwindows on the machine...

I've tried playing with the directory security mask and security mask parameters in smb.conf but they both seem to only limit access...not give it. Currently by default I'm getting -rwxr-xr-x on all my files and I need it to be -rwxrwx---. I can remove the "everyone" permissions with the mask but cannot add the write permission for the file's group.

I wish I could find someplace/someway to change these default permissions given to new files to 777 instead of 755...the mask could then be easily configured to skim off whatever excess permissions there were.

I'm just on my way out the door right now but I came across something that might be the ticket I'm looking for: Parameters "Force create mode" and "Force directory mode" might do it...I'll test tomorrow.

arrfab
Site Admin
Posts: 876
Joined: 2005/01/03 21:30:54
Location: /country/belgium
Contact:

Re: editing ACL

Post by arrfab » 2007/01/30 20:50:00

[quote]
pjwelsh wrote:
@arrfab is correct, install this web/gui utility WILL be very good for you....[/quote]
To clarify this : i've never said that swat was the way to go .... ;-)
Swat will be removed from Samba4 anyway because all samba developers consider swat a crap ....
I still consider that the magical potion is the following :
- read the documentation (very well documented on the samba website)
- use the UUCT (Universal Unix Configuration Tool ... aka VI)

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: editing ACL

Post by gerald_clark » 2007/01/30 21:33:24

You can edit /etc/xinetd.d/swat
and comment out the line
only_from = 127.0.0.1

then service xinetd restart

Now you can connect to swat from another machine on your network.

http://yourmachine:901

When you are done:
chkconfig swat off
service xinetd restart

kkjensen
Posts: 13
Joined: 2007/01/24 18:12:58
Contact:

Re: editing ACL

Post by kkjensen » 2007/01/31 19:03:19

I ended up reading up on what all the parameters do. I need -rwxrwx--- for defaults and the following did the trick in the parameters of the share:

[code]force create mode = 0770
force directory mode = 0770[/code]

I had tried fooling around with "inherit permissions" "dos director mode" and a few others but never got quite the result I was looking for.

Thanks for the posts and help!

Post Reply

Return to “CentOS 4 - Networking Support”