A programmer's notes, about everything and nothing. But probably more about professional matters.

2009-07-18

Samba

The Samba configuration file, smb.conf, has the parameters:
create mask, directory mask.
I could never remember how they affect file attributes.

Today I finally figured it out. A bit that is 0 in the mask will be 0 in the attributes of a file (or directory) created from a remote machine. The bits themselves correspond to the Unix attributes rwxrwxrwx for the owner, group and others.

I found it simpler to set
force create mode = 0666
force directory mode = 0777
so that everyone has read and write access. At the same time, the files cannot be executable.

You can also set the setuid bit (4000) on the parent directory (chmod g+s dirname), and then all files (and directories) created in that directory will be owned by the directory's owner (in the example, by the owner's group).

And here are some good cheat sheets on the topic, written by kind people:

from 'man smb.conf' :

create mask (S)
When a file is created, the necessary permissions are calculated
according to the mapping from DOS modes to UNIX permissions, and
the resulting UNIX mode is then bit-wise 'AND'ed with this
parameter. This parameter may be thought of as a bit-wise MASK
for the UNIX modes of a file. Any bit not set here will be
removed from the modes set on a file when it is created.

The default value of this parameter removes the 'group' and
'other' write and execute bits from the UNIX modes.

Following this Samba will bit-wise 'OR' the UNIX mode created
from this parameter with the value of the force create mode
parameter which is set to 000 by default.

This parameter does not affect directory modes. See the parameter
directory mode for details.

Note that this parameter does not apply to permissions set by
Windows NT/2000 ACL editors. If the administrator wishes to
enforce a mask on access control lists also, they need to set
the security mask.

Default: create mask = 0744

Example: create mask = 0775
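
An added example (not part of the original post or of Samba itself) that applies the rule from the man page excerpt above, AND with the mask and then OR with the force mode, to each share in an smb.conf and reports shares whose new files or directories come out world-writable. The sample configuration, the share names, and the assumed requested modes (0666 for files, 0777 for directories) are constructed for illustration.

```python
import configparser

# Constructed smb.conf for this example; share names and paths are made up.
SAMPLE_CONF = """\
[global]
create mask = 0744

[public]
path = /srv/public
force create mode = 0666
force directory mode = 0777

[projects]
path = /srv/projects
create mask = 0664
directory mask = 0775
"""

# Samba defaults (create mask and force create mode as quoted from the man page).
DEFAULTS = {"create mask": 0o744, "force create mode": 0o000,
            "directory mask": 0o755, "force directory mode": 0o000}

def effective_mode(requested, mask, force):
    """AND with the mask first, then OR in the force bits."""
    return (requested & mask) | force

def audit(conf_text, file_req=0o666, dir_req=0o777):
    """Return {share: (file_mode, dir_mode, world_writable)}.

    file_req/dir_req stand in for the mode Samba derives from the DOS
    attributes; the values used here are assumptions for illustration.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    glob = dict(cp["global"]) if cp.has_section("global") else {}
    report = {}
    for share in cp.sections():
        if share == "global":
            continue
        def opt(name):  # share setting, else [global], else built-in default
            raw = cp[share].get(name, glob.get(name))
            return int(raw, 8) if raw is not None else DEFAULTS[name]
        f = effective_mode(file_req, opt("create mask"), opt("force create mode"))
        d = effective_mode(dir_req, opt("directory mask"), opt("force directory mode"))
        report[share] = (f, d, bool((f | d) & 0o002))
    return report

if __name__ == "__main__":
    for share, (f, d, ww) in audit(SAMPLE_CONF).items():
        print(f"[{share}] files {f:04o} dirs {d:04o} world-writable={ww}")
```

The force parameters are ORed in after the mask, so a restrictive create mask cannot remove bits that force create mode sets.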


from 'man chmod' :

MODES
Modes may be absolute or symbolic. An absolute mode is an octal number
constructed from the sum of one or more of the following values:

4000 (the setuid bit). Executable files with this bit set will
run with effective uid set to the uid of the file owner.
Directories with this bit set will force all files and sub-directories
created in them to be owned by the directory
owner and not by the uid of the creating process, if the
underlying file system supports this feature: see chmod(2)
and the suiddir option to mount(8).
2000 (the setgid bit). Executable files with this bit set will
run with effective gid set to the gid of the file owner.
1000 (the sticky bit). See chmod(2) and sticky(8).
0400 Allow read by owner.
0200 Allow write by owner.
0100 For files, allow execution by owner. For directories,
allow the owner to search in the directory.
0040 Allow read by group members.
0020 Allow write by group members.
0010 For files, allow execution by group members. For directories,
allow group members to search in the directory.
0004 Allow read by others.
0002 Allow write by others.
0001 For files, allow execution by others. For directories
allow others to search in the directory.

