[CentOS] Directory and File Perms

Thu Apr 30 15:42:56 UTC 2009
Toby Bluhm <tkb at alltechmedusa.com>

Joseph L. Casale wrote:
> I have a directory shared out via Samba for Quickbooks and seem
> to have some issues with permissions. The directory being shared
> is a subdirectory in an ext3 partition being mounted with the acl
> option.
> 
> It has been set up as follows:
>      chown root:DOMAIN\AD_Group /mnt/Intuit_Data/
>      chmod 2770 /mnt/Intuit_Data/
> 
> And the Samba share config has:
>      create mask = 0660
>      directory mask = 0770
> 
> So when a user creates a file from their Windows box through Explorer
> or any other app, it gets perms as you might expect:
>      -rw-rw---- 1 Domain+jcasale DOMAIN+AD_Group       0 Apr 29 14:24 test.txt
> and it can be deleted by anyone.
> 
> Problem is QB uses gamin and this file monitoring daemon runs as root
> and all sorts of changes take place as you work with the data, from creating
> the company file to editing it in QB, it ends up slowly changing to 0400?
> 
> 
> Here is what I am seeing now:
> User creates a new company file through QB (this is already fubar'ed):
> # ll
> -rw------- 1 Domain+jcasale DOMAIN+AD_Group 7647232 Apr 29 14:37 Company.QBW
> -rw-r--r-- 1 root           DOMAIN+AD_Group     420 Apr 29 14:36 Company.QBW.ND
> -rw-r--r-- 1 Domain+jcasale DOMAIN+AD_Group 1114112 Apr 29 14:36 Company.QBW.TLG
> drwx------ 2 root           root              16384 Apr 24 09:34 lost+found
> -rw-rw---- 1 root           DOMAIN+AD_Group     300 Apr 24 10:17 qbdir.dat
> 
> Now after working with the company in QB, this is what happens:
> # ll
> -rw------- 1 Domain+jcasale DOMAIN+AD_Group 7331840 Apr 29 14:37 Company.QBW
> -rw-r--r-- 1 root           DOMAIN+AD_Group     420 Apr 29 14:37 Company.QBW.ND
> -rw------- 1 Domain+jcasale DOMAIN+AD_Group 1245184 Apr 29 14:37 Company.QBW.TLG
> drwx------ 2 root           root              16384 Apr 24 09:34 lost+found
> -rw-rw---- 1 root           DOMAIN+AD_Group     300 Apr 24 10:17 qbdir.dat
> 
> 
> What are my options to control this here? Edit init scripts for that daemon?
> I don't know what would happen if it doesn't run as root, but maybe as a user
> that has GID of DOMAIN+AD_Group?
> 

I've handled these kinds of complex Samba rights problems by either using 
ACLs or, if it's particularly thorny, an inotify script - needs 
inotify-tools-3.13-1.el5.rf.


-- 
tkb
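
A sketch of what an inotify script of the kind mentioned in the reply could look like for this share, added here as an example; it is not the script used by anyone in the thread. The 0660 mode and the path and group in the sample invocation are taken from the quoted post, while the script name `fixperms.sh` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the script used in the thread. Policy values come from
# the quoted post: files 0660 ("create mask"), share group on every file.
FILE_MODE=660

# Bring one regular file back to policy; prints fixed, ok or skipped.
normalize_path() {
    path=$1 group=$2
    # Skip symlinks and non-regular files: this runs as root over a
    # user-writable tree, and chmod would follow a link out of the share.
    if [ -L "$path" ] || [ ! -f "$path" ]; then echo skipped; return 0; fi
    changed=no
    # Change only what differs. chmod raises an ATTRIB event itself, so an
    # unconditional chmod would keep re-triggering the watcher.
    if [ "$(stat -c %a "$path")" != "$FILE_MODE" ]; then
        chmod "$FILE_MODE" "$path" && changed=yes
    fi
    # Accept the group as a name or a numeric gid.
    if [ "$(stat -c %G "$path")" != "$group" ] &&
       [ "$(stat -c %g "$path")" != "$group" ]; then
        chgrp "$group" "$path" && changed=yes
    fi
    if [ "$changed" = yes ]; then echo fixed; else echo ok; fi
}

# Watch the share and normalize every file that is created or modified.
watch_share() {
    share=$1 group=$2
    inotifywait -m -r -q -e create -e attrib -e moved_to -e close_write \
        --format '%w%f' "$share" |
    while IFS= read -r changed_path; do
        normalize_path "$changed_path" "$group" >/dev/null
    done
}

# Hypothetical invocation: sh fixperms.sh --watch /mnt/Intuit_Data 'DOMAIN+AD_Group'
if [ "${1:-}" = "--watch" ]; then watch_share "$2" "$3"; fi
```

The symlink test narrows the window in which a link could redirect the root-run chmod but does not close it, since the path can change between the check and the call.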