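I am running a Samba server (version 3.5.6). File sharing was fine until I realized that Samba changes the file's ownership when another user (not the original owner) edits the file and saves it. This is especially the case if I set the admin users parameter to manage the share.
The strange thing is that only the file ownership changes, while the "directory ownership" stays the same (which is desirable) :)
Options like force user and force group won't work here, because the shared directory has different subdirectories belonging to many users.
The configuration of the share is as follows: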
[staff]
comment = "Staff members only"
path = /path/to/staff
browseable = yes
valid users = @staff, @managers, @moderators
write list = @staff, @managers
create mask = 0640
directory mask = 0750
admin users = @moderators
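As you can see, members of the groups above can read the other groups' data, but only members of @moderators can change files and directories.
The problem arises when @moderators modify a file (not a directory) that belongs to another user (a member of @staff or @managers): the ownership of that file changes to root!!! That is completely undesirable.
I want the ownership of the file to remain with its original creator, even if @moderators modify it. How can I achieve this???
Thank you in advance.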
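Answer 1
Don't use "admin users" for file modification, because members of this setting operate on the file system as root. Quoting the smb.conf man page:
admin users (S) This is a list of users who will be granted administrative privileges on the share. This means that they will do all file operations as the super-user (root). You should use this option very carefully, as any user in this list will be able to do anything they like on the share, irrespective of file permissions.
Answer 2
I think the parameter you are looking for is inherit owner (S). Here is the description from the smb.conf(5) man page: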
inherit owner (S)
The ownership of new files and directories is normally governed by effective uid of the connected user.
This option allows the Samba administrator to specify that the ownership for new files and directories
should be controlled by the ownership of the parent directory.
Valid options are:
• no - Both the Windows (SID) owner and the UNIX (uid) owner of the file are governed by the
identity of the user that created the file.
• windows and unix - The Windows (SID) owner and the UNIX (uid) owner of new files and
directories are set to the respective owner of the parent directory.
• yes - a synonym for windows and unix.
• unix only - Only the UNIX owner is set to the UNIX owner of the parent directory.
Common scenarios where this behavior is useful is in implementing drop-boxes, where users can create and
edit files but not delete them and ensuring that newly created files in a user's roaming profile directory
are actually owned by the user.
The unix only option effectively breaks the tie between the Windows owner of a file and the UNIX owner. As
a logical consequence, in this mode, setting the Windows owner of a file does not modify the UNIX
owner. Using this mode should typically be combined with a backing store that can emulate the full NT ACL
model without affecting the POSIX permissions, such as the acl_xattr VFS module, coupled with
acl_xattr:ignore system acls = yes. This can be used to emulate folder quotas, when files are exposed only
via SMB (without UNIX extensions). The UNIX owner of a directory is locally set and inherited by all
subdirectories and files, and they all consume the same quota.
Default: inherit owner = no
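Here are some other parameters for setting permissions:
create mask, directory mask, force create mode, force directory mode, inherit permissions (S)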
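The following is an added example, not part of either answer and not Samba's own code: a small audit that reads smb.conf-style text and lists every share where admin users is set (so those accounts perform file operations as root), together with that share's inherit owner value. The sample configuration is constructed from the [staff] share in the question; the [dropbox] share and all function names are assumptions made for illustration.

```python
import re

# Constructed sample based on the [staff] share from the question.
SAMPLE_SMB_CONF = """
[global]
    workgroup = EXAMPLE

[staff]
    path = /path/to/staff
    valid users = @staff, @managers, @moderators
    write list = @staff, @managers
    Admin Users = @moderators

[dropbox]
    path = /path/to/dropbox
    write list = @staff
    inherit owner = yes
"""

def norm(name):
    """Samba ignores case and whitespace in parameter names."""
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}}; line continuations are not handled."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def audit_shares(text):
    """List shares whose 'admin users' members perform file operations as root."""
    sections = parse_smb_conf(text)
    defaults = sections.get("global", {})  # [global] values act as share defaults
    findings = []
    for name, params in sections.items():
        if name == "global":
            continue
        effective = {**defaults, **params}
        # Simplification: entries are split on commas and whitespace.
        admins = [u for u in re.split(r"[,\s]+", effective.get("adminusers", "")) if u]
        if admins:
            findings.append({"share": name, "root_equivalent": admins,
                             "inherit_owner": effective.get("inheritowner", "no")})
    return findings
```

Calling audit_shares(SAMPLE_SMB_CONF) reports only the staff share, with @moderators as root-equivalent and inherit owner at its default of no.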