[CentOS] Directory and File Perms

Joseph L. Casale JCasale at activenetwerx.com
Wed Apr 29 22:02:28 UTC 2009


I have a directory shared out via Samba for Quickbooks and seem
to have some issues with permissions. The directory being shared
is a subdirectory in an ext3 partition being mounted with the acl
option.

It has been setup as follows:
     chown root:DOMAIN\AD_Group /mnt/Intuit_Data/
     chmod 2770 /mnt/Intuit_Data/

And the Samba share config is has:
     create mask = 0660
     directory mask = 0770

So when a user creates a file from their Windows box through Explorer
or any other app, it gets perms as you might expect:
     -rw-rw---- 1 Domain+jcasale DOMAIN+AD_Group       0 Apr 29 14:24 test.txt
and it can be deleted by anyone.

Problem is QB uses gamin and this file monitoring daemon runs as root
and all sorts of changes take place as you work with the data, from creating
the company file to editing it in QB, it ends up slowly changing to 0400?


Here is what I am seeing now:
User creates a new company file through QB (this is already fubar'ed):
# ll
-rw------- 1 Domain+jcasale DOMAIN+AD_Group 7647232 Apr 29 14:37 Company.QBW
-rw-r--r-- 1 root           DOMAIN+AD_Group     420 Apr 29 14:36 Company.QBW.ND
-rw-r--r-- 1 Domain+jcasale DOMAIN+AD_Group 1114112 Apr 29 14:36 Company.QBW.TLG
drwx------ 2 root           root              16384 Apr 24 09:34 lost+found
-rw-rw---- 1 root           DOMAIN+AD_Group     300 Apr 24 10:17 qbdir.dat

Now after working with the company in QB, this is what happens:
# ll
-rw------- 1 Domain+jcasale DOMAIN+AD_Group 7331840 Apr 29 14:37 Company.QBW
-rw-r--r-- 1 root           DOMAIN+AD_Group     420 Apr 29 14:37 Company.QBW.ND
-rw------- 1 Domain+jcasale DOMAIN+AD_Group 1245184 Apr 29 14:37 Company.QBW.TLG
drwx------ 2 root           root              16384 Apr 24 09:34 lost+found
-rw-rw---- 1 root           DOMAIN+AD_Group     300 Apr 24 10:17 qbdir.dat


What are my options to control this here? Edit init scripts for that daemon?
I don't know what would happen if it doesn't run as root, but maybe as a user
that has GID of DOMAIN+AD_Group?

Thanks for any ideas!
jlc



More information about the CentOS mailing list