This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.
Course Of The Month
6 days, 17 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Ubuntu File Server, Permission Problems !
Posted on 2012-12-31
I have a remote file server running Ubuntu 10.04 but really and (I mean REALLY) struggling in getting the permissions set correctly..
I have users A,B,C,D.
User A is in groups admin and lxusers.
Users B,C,D are in the group lxusers.
I have a root share called 'Shared Folder' currently owner root & group is admin. I want users to be able to create sub folders and files inside 'Shared Folder'. The user that creates folders and files will be the owner and those folders and files they create will inherit the parents group of admin. I only want the owner & members of the admin group to be able to delete any of the folders or files created, I am happy enough for any of the lxusers group to read anything thats created by any user.
This so far appears to be working to a point, but I do have one problem that is causing me real grief. If any user in the lxusers group creates a folder then files inside that folder, other users can delete the files but not the folder.. Just can't work out where I have gone wrong, advice to resolve would be appreciated..
Entry in smb.conf:-
[Shared Folder]
browseable = yes
writeable = yes
invalid users = root
path = /mnt/raid/Shared
comment = Shared folder for All Users
valid users = @admin,@lxusers
create mode = 0774
directory mode = 0774
force group = admin
Kind Regards
John
DirPermissions.jpg
FilePermissions.jpg
I have users A,B,C,D.
User A is in groups admin and lxusers.
Users B,C,D are in the group lxusers.
I have a root share called 'Shared Folder' currently owner root & group is admin. I want users to be able to create sub folders and files inside 'Shared Folder'. The user that creates folders and files will be the owner and those folders and files they create will inherit the parents group of admin. I only want the owner & members of the admin group to be able to delete any of the folders or files created, I am happy enough for any of the lxusers group to read anything thats created by any user.
This so far appears to be working to a point, but I do have one problem that is causing me real grief. If any user in the lxusers group creates a folder then files inside that folder, other users can delete the files but not the folder.. Just can't work out where I have gone wrong, advice to resolve would be appreciated..
Entry in smb.conf:-
[Shared Folder]
browseable = yes
writeable = yes
invalid users = root
path = /mnt/raid/Shared
comment = Shared folder for All Users
valid users = @admin,@lxusers
create mode = 0774
directory mode = 0774
force group = admin
Kind Regards
John
DirPermissions.jpg
FilePermissions.jpg
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
6
-
4
10 Comments
Active 1 day ago
What are the permissions on the folder?
You are forcing the files to be created with the group admin
You should use setfacl to include.
Not you would need to periodically rerun the setfacl directive to attach to changed files.
Group permissions of 7 (rwx) on file creation. What is it you want? Do you want files created to have permissions of 644?
You can have directory 0770 while create mode of 750?
You should create yet another test share and try to vary your settings.
You are forcing the files to be created with the group admin
You should use setfacl to include.
Not you would need to periodically rerun the setfacl directive to attach to changed files.
Group permissions of 7 (rwx) on file creation. What is it you want? Do you want files created to have permissions of 644?
You can have directory 0770 while create mode of 750?
You should create yet another test share and try to vary your settings.
Arnold, thank for the help.
The result of ls -l on the Shared folder is:-
drwxrwsr-T 45 root admin 4096 2012-12-31 13:48 Shared
HTH
The result of ls -l on the Shared folder is:-
drwxrwsr-T 45 root admin 4096 2012-12-31 13:48 Shared
HTH
Active 1 day ago
Ok, getfacl Shared.
The group permission of 7 is what lets users delete files since any valid user runs with admin group membership.
The group permission of 7 is what lets users delete files since any valid user runs with admin group membership.
Arnold, The new share I created to play with is called NewSharedFolder.
UserA (thats me) is a member of the admin group I can confirm I can access the folder just fine. Users B,C,D do not now have access to the folder..
I post another result of getfacl for the NewSharedFolder..
Thank you
putty.log
UserA (thats me) is a member of the admin group I can confirm I can access the folder just fine. Users B,C,D do not now have access to the folder..
I post another result of getfacl for the NewSharedFolder..
Thank you
putty.log
Active 1 day ago
Have a happy new year as well.
At this point the getfacl repors the default (chmod 775 for root:admin)
Make sure when you define this new share, do not force admin as the default group for access while including your valid users @admin,@lxusers
The groupIDof(group) needs to be replaced with the numeric value of the group based on /etc/group
setfacl -R -m g:groupIDof(lxusers):rwx NewSharedFolder
The above will add read/write/execute rights
-R means apply the change recursively.
You would need to schedule the rerunning of this on a regular basis to update rights.
At this point the getfacl repors the default (chmod 775 for root:admin)
Make sure when you define this new share, do not force admin as the default group for access while including your valid users @admin,@lxusers
The groupIDof(group) needs to be replaced with the numeric value of the group based on /etc/group
setfacl -R -m g:groupIDof(lxusers):rwx NewSharedFolder
The above will add read/write/execute rights
-R means apply the change recursively.
You would need to schedule the rerunning of this on a regular basis to update rights.
Thank you Arnold. I have implemented this but one problem, the lxuser group can now indeed write folders and files to this NewSharedFolder but there seems to be no sticky set ie any member of the lxusers group can delete any other users folder/files. I wish only the owner AND a member of the admin group be allowed to delete folders and files.
Sorry for the headache !
Sorry for the headache !
Active 1 day ago
If the lxuser group member needs only the ability to read, change the setfacl to read/execute only for this group
setfacl -R -m g:gid_lxusers:rx NewShareFolder
This way lxusers can read, but can not write nor delete.
Filesystem level restriction do not have the functionality you want, you need to look at document management system that will have the granular control I.e. will allow creation of files, but not deletion of other users files.
setfacl -R -m g:gid_lxusers:rx NewShareFolder
This way lxusers can read, but can not write nor delete.
Filesystem level restriction do not have the functionality you want, you need to look at document management system that will have the granular control I.e. will allow creation of files, but not deletion of other users files.
Featured Post
Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| Disabling security updates Ubuntu | 3 | 66 | |
| SSH in linux | 9 | 93 | |
| RPM creation | 6 | 48 | |
| database connection error mysql stops | 7 | 82 |
If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power.
Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years. You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
In a previous video, we went over how to export a DynamoDB table into Amazon S3. In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses
Course of the Month6 days, 17 hours left to enroll
732 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.