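I have some users in the group "sambashare" and some users in the group "sambashareAdmin". Only users of the group "sambashareAdmin" are allowed to change/create content.
All files should belong to haegarthehorrible:sambashare, no matter whether I create them on the server or move/copy them to the server.
The problem is that if a Windows workstation user (paradise) does this, all files get execute permission for the group (670/-rw-rwx---) instead of 660/-rw-rw----.
I tried "obey pam restrictions" in samba with yes and no, which made no difference. I also tried "create mask" and "directory mask", or "force create mode" and "force directory mode", or both together.
I tried chmod g+s and g+s,u+s.
I tried complicated things like: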
~$ sudo chmod -R a-x,u=rX,g=rX,u+w,g+w /mnt/pool/Share/Backup
~$ sudo chmod -R a-x,u=rwX,g=rwX /mnt/pool/Share/Backup
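And the funny thing is, if I use "rwX" instead of "rw" (chmod or setfacl), I get execute on the owner permissions. I thought X only sets it on directories?
So now it looks very complicated and still does not work. Keep in mind that these are directories that already contain files/directories.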
~$ sudo nano /etc/samba/smb.conf
[global]
server string = Harvester
server role = standalone server
server min protocol = SMB2
workgroup = WORKGROUP
interfaces = lo enp0s31f6
bind interfaces only = yes
logging = file
log file = /var/log/samba/log.%m
max log size = 1000
load printers = no
show add printer wizard = no
disable netbios = yes
dns proxy = no
deadtime = 30
smb ports = 445
smb encrypt = off
security = user
obey pam restrictions = yes
panic action = /usr/share/samba/panic-action %d
use sendfile = yes
directory mask = 2750
create mask = 0640
access based share enum = yes
map to guest = bad user
guest account = shareguest
[Backup]
path = /mnt/pool/Share/Backup
guest ok = no
browseable = no
create mask = 0660
directory mask = 2770
force group = sambashare
force user = haegarthehorrible
write list = @sambashareAdmin
valid users = haegarthehorrible paradise
inherit acls = Yes
Setting the permissions:
~$ sudo chown -R haegarthehorrible:sambashare /mnt/pool/Share/Backup
~$ sudo setfacl -R -b -k -n /mnt/pool/Share/Backup # Remove ACL
~$ sudo chmod -R g+s,u+s /mnt/pool/Share/Backup
~$ sudo chmod 0770 /mnt/pool/Share/Backup
~$ sudo find /mnt/pool/Share/Backup -type f -exec chmod 660 {} \;
~$ sudo find /mnt/pool/Share/Backup -type d -exec chmod 2770 {} \;
~$ sudo setfacl -R -d -m u::rw,g::rw,u:haegarthehorrible:rw,g:sambashareAdmin:rw /mnt/pool/Share/Backup # ACL for new items
~$ sudo setfacl -R -m u:haegarthehorrible:rw,g:sambashareAdmin:rw /mnt/pool/Share/Backup # ACL for old/existing items
sambashareAdmin members:
~$ members sambashareAdmin
haegarthehorrible paradise
sambashare members:
~$ members sambashare
shareguest watcher
Share root folder permissions:
~$ ls -ld /mnt/pool/Share
drwxr-xr-x 7 root root 4096 Aug 7 2023 /mnt/pool/Share
~$ stat /mnt/pool/Share
Access: (0755/drwxr-xr-x) Uid: (0/root) Gid: (0/root)
~$ getfacl /mnt/pool/Share
# file: mnt/pool/Share
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
Share permissions:
~$ ls -ld /mnt/pool/Share/Backup
drwsrws---+ 5 haegarthehorrible sambashare 4096 Apr 25 2022 /mnt/pool/Share/Backup
~$ stat /mnt/pool/Share/Backup
Access: (6770/drwsrws---) Uid: (1000/haegarthehorrible) Gid: (996/sambashare)
~$ getfacl /mnt/pool/Share/Backup
# file: mnt/pool/Share/Backup
# owner: haegarthehorrible
# group: sambashare
# flags: ss-
user::rwx
group::rwx
other::---
default:user::rw-
default:user:haegarthehorrible:rw-
default:group::rw-
default:group:sambashareAdmin:rw-
default:mask::rw-
default:other::---
File permissions:
~$ ls -l /mnt/pool/Share/Backup/Test.txt
-rw-rwx---+ 1 haegarthehorrible sambashare 0 Feb 11 07:18 /mnt/pool/Share/Backup/Test.txt
~$ stat /mnt/pool/Share/Backup/Test.txt
Access: (0670/-rw-rwx---) Uid: (1000/haegarthehorrible) Gid: (996/sambashare)
~$ getfacl /mnt/pool/Share/Backup/Test.txt
# file: mnt/pool/Share/Backup/Test.txt
# owner: haegarthehorrible
# group: sambashare
user::rw-
user:haegarthehorrible:rw-
group::rw-
group:sambashare:rw-
group:sambashareAdmin:rw-
mask::rwx
other::---
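
An added example, not part of the original post: on a file that carries a POSIX ACL, the group field that ls and stat print is the ACL mask entry, not the owning-group entry. The sketch below parses the Test.txt getfacl listing from the post and derives both the displayed mode and the effective permission of each masked entry; all function names are hypothetical.

```python
# Added example: relate getfacl output to the mode bits that ls/stat print.
# GETFACL_TEST_TXT is the Test.txt listing copied from the post above;
# every function name here is hypothetical, not from Samba or the acl tools.
GETFACL_TEST_TXT = """\
# file: mnt/pool/Share/Backup/Test.txt
# owner: haegarthehorrible
# group: sambashare
user::rw-
user:haegarthehorrible:rw-
group::rw-
group:sambashare:rw-
group:sambashareAdmin:rw-
mask::rwx
other::---
"""

def perm_bits(perms):
    """'rw-' -> 6"""
    return sum(bit for ch, bit in zip(perms, (4, 2, 1)) if ch != "-")

def parse_acl(text):
    """Return access-ACL entries as (tag, qualifier, bits); skips headers and default: entries."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drops headers and '#effective:' notes
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, perm_bits(perms[:3])))
    return entries

def mode_from_acl(entries):
    """Mode bits as stat shows them: with a mask entry, the group field is the mask."""
    found = {(tag, qual): bits for tag, qual, bits in entries}
    group_field = found.get(("mask", ""), found.get(("group", ""), 0))
    return found.get(("user", ""), 0) << 6 | group_field << 3 | found.get(("other", ""), 0)

def effective(entries):
    """Effective bits of every masked entry (named users, owning group, named groups)."""
    mask = dict(((t, q), b) for t, q, b in entries).get(("mask", ""), 7)
    return {f"{t}:{q}": b & mask for t, q, b in entries
            if t == "group" or (t == "user" and q)}

if __name__ == "__main__":
    acl = parse_acl(GETFACL_TEST_TXT)
    print(oct(mode_from_acl(acl)))   # group field comes from mask::rwx
    print(effective(acl))            # each group entry is still rw- (6)
```

For the posted file this gives 0670 with every masked entry still at rw-, matching the stat output: the group x in the mode comes from the mask::rwx line, not from any group entry.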