[CentOS] Directory and File Perms

Thu Apr 30 00:59:30 UTC 2009
Craig White <craigwhite at azapple.com>

On Wed, 2009-04-29 at 14:30 -0700, Bill Campbell wrote:
> On Wed, Apr 29, 2009, Joseph L. Casale wrote:
> >I have a directory shared out via Samba for Quickbooks and seem
> >to have some issues with permissions. The directory being shared
> >is a subdirectory in an ext3 partition being mounted with the acl
> >option.
> >
> >It has been setup as follows:
> >     chown root:DOMAIN\AD_Group /mnt/Intuit_Data/
> >     chmod 2770 /mnt/Intuit_Data/
> >
> >And the Samba share config is has:
> >     create mask = 0660
> >     directory mask = 0770
> >
> >So when a user creates a file from their Windows box through Explorer
> >or any other app, it gets perms as you might expect:
> >     -rw-rw---- 1 Domain+jcasale DOMAIN+AD_Group       0 Apr 29 14:24 test.txt
> >and it can be deleted by anyone.
> >
> >Problem is QB uses gamin and this file monitoring daemon runs as root
> >and all sorts of changes take place as you work with the data, from creating
> >the company file to editing it in QB, it ends up slowly changing to 0400?
> 
> You probably want to look at the ``force user'' and/or ``force group''
> share settings in Samba (or look for a Real Accounting(tm) package in place
> of QB :-).
----
I don't like Quickbooks. Quickbooks does not support anything but
Microsoft and even that means a phone call to worthless call center in
India.

I would never suggest that anyone use Samba/Linux to host Quickbooks
share unless they wanted to experience real heartburn.

That said, I don't generally advocate 'force user/group' configuration
on samba shares either unless there absolutely were no other way.

I think Joseph is onto most of it with...

     chown root:DOMAIN\AD_Group /mnt/Intuit_Data/
     chmod 2770 /mnt/Intuit_Data/

and I would add one more thing to the share definition...

     store dos attributes = yes
     inherit permissions = yes

Which generally makes for happy workgroups on Samba if the share is mounted with user_acl which is generally the default for Red Hat/CentOS systems but I can't vouch for Quickbooks behavior.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.