[CentOS] Directory and File Perms
Toby Bluhm
tkb at alltechmedusa.com
Thu Apr 30 15:42:56 UTC 2009
Joseph L. Casale wrote:
> I have a directory shared out via Samba for Quickbooks and seem
> to have some issues with permissions. The directory being shared
> is a subdirectory in an ext3 partition being mounted with the acl
> option.
>
> It has been setup as follows:
> chown root:DOMAIN\AD_Group /mnt/Intuit_Data/
> chmod 2770 /mnt/Intuit_Data/
>
> And the Samba share config is has:
> create mask = 0660
> directory mask = 0770
>
> So when a user creates a file from their Windows box through Explorer
> or any other app, it gets perms as you might expect:
> -rw-rw---- 1 Domain+jcasale DOMAIN+AD_Group 0 Apr 29 14:24 test.txt
> and it can be deleted by anyone.
>
> Problem is QB uses gamin and this file monitoring daemon runs as root
> and all sorts of changes take place as you work with the data, from creating
> the company file to editing it in QB, it ends up slowly changing to 0400?
>
>
> Here is what I am seeing now:
> User creates a new company file through QB (this is already fubar'ed):
> # ll
> -rw------- 1 Domain+jcasale DOMAIN+AD_Group 7647232 Apr 29 14:37 Company.QBW
> -rw-r--r-- 1 root DOMAIN+AD_Group 420 Apr 29 14:36 Company.QBW.ND
> -rw-r--r-- 1 Domain+jcasale DOMAIN+AD_Group 1114112 Apr 29 14:36 Company.QBW.TLG
> drwx------ 2 root root 16384 Apr 24 09:34 lost+found
> -rw-rw---- 1 root DOMAIN+AD_Group 300 Apr 24 10:17 qbdir.dat
>
> Now after working with the company in QB, this is what happens:
> # ll
> -rw------- 1 Domain+jcasale DOMAIN+AD_Group 7331840 Apr 29 14:37 Company.QBW
> -rw-r--r-- 1 root DOMAIN+AD_Group 420 Apr 29 14:37 Company.QBW.ND
> -rw------- 1 Domain+jcasale DOMAIN+AD_Group 1245184 Apr 29 14:37 Company.QBW.TLG
> drwx------ 2 root root 16384 Apr 24 09:34 lost+found
> -rw-rw---- 1 root DOMAIN+AD_Group 300 Apr 24 10:17 qbdir.dat
>
>
> What are my options to control this here? Edit init scripts for that daemon?
> I don't know what would happen if it doesn't run as root, but maybe as a user
> that has GID of DOMAIN+AD_Group?
>
I've handled these kind of complex samba rights problems by either using
acls or if it's particularly thorny, an inotify script - needs
inotify-tools-3.13-1.el5.rf.
--
tkb
More information about the CentOS
mailing list