* martin f krafft schrieb am 26.10.04 um 16:21 Uhr: > If you are good with POSIX ACLs, I would appreciate if you could > take a look at > > http://people.debian.org/%7Eterpstra/message/20041026.105727.f688af8f.en.html > > Post your comments here, if you wish, I shall funnel the solution > and important points over to the other list... (unless you tell me > not to). > AFAIK what you want to do is not possible because Samba does not support NT ACLs yet. With NT ACLs you could say "Students are not allowed to change ACLs" and you were done. To make normal ACL inheritance work you need the user_xattr mount option and the smb.conf "map acl inherit = yes" paramater. This way a user.SAMBA_PAI xattr's will be created to store ACL inheritance behavior. But that would not be a solotion for you if you give the students full access to their directories because they could simply remove your supervisor account from the ACL of any of their files. Maybe a solution would be to audit ACL changes (sys_acl_set_file) and to run a cron script that ensures supervisor access to all files. But thats an ugly hack. Has anybody a better solution? Best thing to do this right now would be to hack a new vfs module that prevents a special user to be removed from an ACL (IMO). IIRC samba4 will support NT ACLs. The this will be not a problem anymore... -marc -- <NES> *lol* I download something from Napster <NES> And the same guy I downloaded it from starts downloading it from me when I'm done <NES> I message him and say "What are you doing? I just got that from you" <NES> "getting my song back fscker"
Attachment:
pgpGwnHREhJMe.pgp
Description: PGP signature