1st April 2009
da1
ACL, Samba ACL, FTP acl

Hell-o you gurus

First, grab a cup of tea/coffee, because this is a long read.

Info:
FreeBSD 7.1-STABLE
pure-ftpd-1.0.21_4
samba-3.2.8

Now, starting from the tail, this is what I eventually want to get at: several accounts (ftpadmin, smbadmin and some more limited ftp accounts) that all have the same parent folder (and some child folders as well), and with each cp/mv action that any account makes, all files *will* eventually end up on disk with root:wheel ownership and 770 permissions.

I have a folder named /mnt. On this folder I enabled acl.
Code:
# file: mnt
# owner: root
# group: wheel
user::rwx
user:root:rwx
user:smbadmin:rwx
user:ftpadmin:rwx
group::---
mask::rwx
other::---
ls -allh
Code:
drwxrwx---+  8 root  wheel      512B Apr  1 14:18 mnt
As you can see I have a "smbadmin" account. This account has rwx and this is what it does. Together with samba's mod-acl (or whatever it's called) it allows me to rwx files from a win xp box. Also, when I copy files through samba, files end up with the parent unix folder's permissions and ownership (root:wheel and 770 - this is recursive) and also inherit the ACL (viewable as the "+" thingy). I want the same for the "ftpadmin" account.

1) Now, thinking samba-like, between ftp and the system acl there should be a middleman (like samba mod-acl) that converts file ownership from smbadmin (eventually ftpadmin) to root:wheel. Had no luck with that, didn't find any modules/scripts capable of that. Maybe samba works in some other way that I didn't figure out.

2) Next, I've read about execution bits and applied these commands
Code:
chmod -R u+s /mnt
chmod -R g+s /mnt
This half-solved the problem, in that all files/folders created from ftp (ftpadmin) ended up on disk being owned by the "wheel" group. Unfortunately, the user remained "ftpadmin", and they did not inherit the ACL (no "+" at the end of the file permissions in "ls -all"). No luck with this one either. Maybe I misread/misinterpreted/misapplied these commands?

3) Next, I followed the crumbs of ACL permission inheritance for newly created/cp'd/mv'd files. Did some reading and found a thing that I think will solve all my problems, the "default:user::" ACL entry. Unfortunately, in FreeBSD this is incorrect. I later read/successfully tried these settings on solaris.

So you see, I'm in a bit of a confused state of mind. Have no idea which path to take (the ftp samba-like middleman, the chmod way, or maybe the 3rd way of forcing all new files in the /mnt folder to have specific ownership and permissions). To my brain, the 3rd way should be the way to go, but I am definitely in need of some guidance/books/something.

In other words...uhm... help !?

Last edited by da1; 1st April 2009 at 07:29 PM.
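
An added example, not part of the original post: a small parser for ACL text in the format quoted above, which reports each entry's effective rights after the mask is applied and whether any default (inheritable) entries are present. The function names are hypothetical, and it assumes default entries, where a tool prints them inline, carry a "default:" prefix.

```python
# Constructed sample: the ACL text quoted in the post.
SAMPLE = """\
# file: mnt
# owner: root
# group: wheel
user::rwx
user:root:rwx
user:smbadmin:rwx
user:ftpadmin:rwx
group::---
mask::rwx
other::---
"""

def parse_acl(text):
    """Return (header dict, access entries, default entries)."""
    header, access, default = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):                 # "# file: mnt" style header
            key, _, value = line[1:].partition(":")
            header[key.strip()] = value.strip()
            continue
        line = line.split("#", 1)[0].strip()     # drop any trailing comment
        target = access
        if line.startswith("default:"):          # assumption: inline default prefix
            target, line = default, line[len("default:"):]
        tag, qualifier, perms = line.split(":")
        target.append((tag, qualifier, perms))
    return header, access, default

def effective(entries):
    """The mask caps named users, the owning group and named groups only."""
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    out = {}
    for tag, qual, perms in entries:
        if tag == "mask":
            continue
        if tag == "group" or (tag == "user" and qual):
            perms = "".join(c if c == m else "-" for c, m in zip(perms, mask))
        out[f"{tag}:{qual}"] = perms
    return out

def report(text):
    header, access, default = parse_acl(text)
    return {"file": header.get("file"),
            "effective": effective(access),
            "has_default_acl": bool(default)}
```

A directory whose report shows `has_default_acl` as false has nothing for newly created files to inherit, which matches the missing "+" described in point 2.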