I have a directory shared out via Samba for Quickbooks and seem to have some issues with permissions. The directory being shared is a subdirectory in an ext3 partition being mounted with the acl option.
It has been setup as follows: chown root:DOMAIN\AD_Group /mnt/Intuit_Data/ chmod 2770 /mnt/Intuit_Data/
And the Samba share config is has: create mask = 0660 directory mask = 0770
So when a user creates a file from their Windows box through Explorer or any other app, it gets perms as you might expect: -rw-rw---- 1 Domain+jcasale DOMAIN+AD_Group 0 Apr 29 14:24 test.txt and it can be deleted by anyone.
Problem is QB uses gamin and this file monitoring daemon runs as root and all sorts of changes take place as you work with the data, from creating the company file to editing it in QB, it ends up slowly changing to 0400?
Here is what I am seeing now: User creates a new company file through QB (this is already fubar'ed): # ll -rw------- 1 Domain+jcasale DOMAIN+AD_Group 7647232 Apr 29 14:37 Company.QBW -rw-r--r-- 1 root DOMAIN+AD_Group 420 Apr 29 14:36 Company.QBW.ND -rw-r--r-- 1 Domain+jcasale DOMAIN+AD_Group 1114112 Apr 29 14:36 Company.QBW.TLG drwx------ 2 root root 16384 Apr 24 09:34 lost+found -rw-rw---- 1 root DOMAIN+AD_Group 300 Apr 24 10:17 qbdir.dat
Now after working with the company in QB, this is what happens: # ll -rw------- 1 Domain+jcasale DOMAIN+AD_Group 7331840 Apr 29 14:37 Company.QBW -rw-r--r-- 1 root DOMAIN+AD_Group 420 Apr 29 14:37 Company.QBW.ND -rw------- 1 Domain+jcasale DOMAIN+AD_Group 1245184 Apr 29 14:37 Company.QBW.TLG drwx------ 2 root root 16384 Apr 24 09:34 lost+found -rw-rw---- 1 root DOMAIN+AD_Group 300 Apr 24 10:17 qbdir.dat
What are my options to control this here? Edit init scripts for that daemon? I don't know what would happen if it doesn't run as root, but maybe as a user that has GID of DOMAIN+AD_Group?
Thanks for any ideas! jlc
On Wed, Apr 29, 2009, Joseph L. Casale wrote:
I have a directory shared out via Samba for Quickbooks and seem to have some issues with permissions. The directory being shared is a subdirectory in an ext3 partition being mounted with the acl option.
It has been setup as follows: chown root:DOMAIN\AD_Group /mnt/Intuit_Data/ chmod 2770 /mnt/Intuit_Data/
And the Samba share config is has: create mask = 0660 directory mask = 0770
So when a user creates a file from their Windows box through Explorer or any other app, it gets perms as you might expect: -rw-rw---- 1 Domain+jcasale DOMAIN+AD_Group 0 Apr 29 14:24 test.txt and it can be deleted by anyone.
Problem is QB uses gamin and this file monitoring daemon runs as root and all sorts of changes take place as you work with the data, from creating the company file to editing it in QB, it ends up slowly changing to 0400?
You probably want to look at the ``force user'' and/or ``force group'' share settings in Samba (or look for a Real Accounting(tm) package in place of QB :-).
Bill
You probably want to look at the ``force user'' and/or ``force group''
Well, I would need ``force group'', but I tried that with an AD group and it didn't work? I will dig into this again and see what went wrong.
(or look for a Real Accounting(tm) package in place of QB :-).
Don't even get me started, this is the biggest POS I have ever seen in my life. The deployment alone is the stupidest thing I have seen in ages.
Bah, life's too short... Not if, but when it breaks I will take my time fixing it:) I already suggested it was utter sh!t but hey, what do I know:)
Thanks! jlc
On Wed, 2009-04-29 at 14:30 -0700, Bill Campbell wrote:
On Wed, Apr 29, 2009, Joseph L. Casale wrote:
I have a directory shared out via Samba for Quickbooks and seem to have some issues with permissions. The directory being shared is a subdirectory in an ext3 partition being mounted with the acl option.
It has been setup as follows: chown root:DOMAIN\AD_Group /mnt/Intuit_Data/ chmod 2770 /mnt/Intuit_Data/
And the Samba share config is has: create mask = 0660 directory mask = 0770
So when a user creates a file from their Windows box through Explorer or any other app, it gets perms as you might expect: -rw-rw---- 1 Domain+jcasale DOMAIN+AD_Group 0 Apr 29 14:24 test.txt and it can be deleted by anyone.
Problem is QB uses gamin and this file monitoring daemon runs as root and all sorts of changes take place as you work with the data, from creating the company file to editing it in QB, it ends up slowly changing to 0400?
You probably want to look at the ``force user'' and/or ``force group'' share settings in Samba (or look for a Real Accounting(tm) package in place of QB :-).
Bill
-- I don't think that would even solve the problem because gamin reports to QB and then QB makes the changes as per the FAM docs which is the older of gamin. http://oss.sgi.com/projects/fam/doc.html
There is no explicit docs on gamin on the gnome site. They refer to FAM as the per the documentation.
Question: Did QB give you documentation on how to set it under Linux?
JohnStanley
I don't think that would even solve the problem because gamin reports to QB and then QB makes the changes as per the FAM docs which is the older of gamin. http://oss.sgi.com/projects/fam/doc.html
There is no explicit docs on gamin on the gnome site. They refer to FAM as the per the documentation.
Question: Did QB give you documentation on how to set it under Linux?
I was just about to post the same thing after I thought about it, as gamin operates on the files outside of Samba...
They did provide a guide, but its weak and the setup from what I can see is not secure. They suggest:
# chmod -R 775 /directory # chgrp -R groupname /directory [share_name] path = /directory comment = samba share for company files valid users = user1 user2 user3 public = no writable = yes printable = no create mask = 0765
Not sure why "other" gets anything? I don't even see how that cures the issues imposed? I think that continued access by the client works, it's just when they try to delete a company...
The only thing I can think of is a cron job with a find excluding the lost+found performing a chmod/chown? That's just silly though. What a POS.
Thanks! jlc
On Wed, 2009-04-29 at 14:30 -0700, Bill Campbell wrote:
On Wed, Apr 29, 2009, Joseph L. Casale wrote:
I have a directory shared out via Samba for Quickbooks and seem to have some issues with permissions. The directory being shared is a subdirectory in an ext3 partition being mounted with the acl option.
It has been setup as follows: chown root:DOMAIN\AD_Group /mnt/Intuit_Data/ chmod 2770 /mnt/Intuit_Data/
And the Samba share config is has: create mask = 0660 directory mask = 0770
So when a user creates a file from their Windows box through Explorer or any other app, it gets perms as you might expect: -rw-rw---- 1 Domain+jcasale DOMAIN+AD_Group 0 Apr 29 14:24 test.txt and it can be deleted by anyone.
Problem is QB uses gamin and this file monitoring daemon runs as root and all sorts of changes take place as you work with the data, from creating the company file to editing it in QB, it ends up slowly changing to 0400?
You probably want to look at the ``force user'' and/or ``force group'' share settings in Samba (or look for a Real Accounting(tm) package in place of QB :-).
---- I don't like Quickbooks. Quickbooks does not support anything but Microsoft and even that means a phone call to worthless call center in India.
I would never suggest that anyone use Samba/Linux to host Quickbooks share unless they wanted to experience real heartburn.
That said, I don't generally advocate 'force user/group' configuration on samba shares either unless there absolutely were no other way.
I think Joseph is onto most of it with...
chown root:DOMAIN\AD_Group /mnt/Intuit_Data/ chmod 2770 /mnt/Intuit_Data/
and I would add one more thing to the share definition...
store dos attributes = yes inherit permissions = yes
Which generally makes for happy workgroups on Samba if the share is mounted with user_acl which is generally the default for Red Hat/CentOS systems but I can't vouch for Quickbooks behavior.
Craig
Joseph L. Casale wrote:
I have a directory shared out via Samba for Quickbooks and seem to have some issues with permissions. The directory being shared is a subdirectory in an ext3 partition being mounted with the acl option.
It has been setup as follows: chown root:DOMAIN\AD_Group /mnt/Intuit_Data/ chmod 2770 /mnt/Intuit_Data/
And the Samba share config is has: create mask = 0660 directory mask = 0770
So when a user creates a file from their Windows box through Explorer or any other app, it gets perms as you might expect: -rw-rw---- 1 Domain+jcasale DOMAIN+AD_Group 0 Apr 29 14:24 test.txt and it can be deleted by anyone.
Problem is QB uses gamin and this file monitoring daemon runs as root and all sorts of changes take place as you work with the data, from creating the company file to editing it in QB, it ends up slowly changing to 0400?
Here is what I am seeing now: User creates a new company file through QB (this is already fubar'ed): # ll -rw------- 1 Domain+jcasale DOMAIN+AD_Group 7647232 Apr 29 14:37 Company.QBW -rw-r--r-- 1 root DOMAIN+AD_Group 420 Apr 29 14:36 Company.QBW.ND -rw-r--r-- 1 Domain+jcasale DOMAIN+AD_Group 1114112 Apr 29 14:36 Company.QBW.TLG drwx------ 2 root root 16384 Apr 24 09:34 lost+found -rw-rw---- 1 root DOMAIN+AD_Group 300 Apr 24 10:17 qbdir.dat
Now after working with the company in QB, this is what happens: # ll -rw------- 1 Domain+jcasale DOMAIN+AD_Group 7331840 Apr 29 14:37 Company.QBW -rw-r--r-- 1 root DOMAIN+AD_Group 420 Apr 29 14:37 Company.QBW.ND -rw------- 1 Domain+jcasale DOMAIN+AD_Group 1245184 Apr 29 14:37 Company.QBW.TLG drwx------ 2 root root 16384 Apr 24 09:34 lost+found -rw-rw---- 1 root DOMAIN+AD_Group 300 Apr 24 10:17 qbdir.dat
What are my options to control this here? Edit init scripts for that daemon? I don't know what would happen if it doesn't run as root, but maybe as a user that has GID of DOMAIN+AD_Group?
I've handled these kind of complex samba rights problems by either using acls or if it's particularly thorny, an inotify script - needs inotify-tools-3.13-1.el5.rf.
-
Bill Campbell -
Craig White -
JohnS -
Joseph L. Casale -
Toby Bluhm