I just created a Samba share under Red Hat 7, with sssd as the authentication provider and the use of ACLs. Here is my config:

```ini
[global]
realm = domain.local
workgroup = domain
security = ads
kerberos method = secrets and keytab
idmap config * : backend = tdb
log level = 3
debug pid = true
max log size = 0
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes

[projects]
path = /projects
valid users = @grp_dep-team,@grp_dep-studenten
writeable = yes
create mask = 0770
directory mask = 0770
```

Here is the ACL on one directory:

```text
# file: dep01/
# owner: root
# group: root
user::rwx
user:root:rwx
group::rwx
group:root:rwx
group:dl_dep01_rw:rwx
group:dl_dep01_ro:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::rwx
default:group:root:rwx
default:group:dl_dep01_rw:rwx
default:group:dl_dep01_ro:r-x
default:mask::rwx
default:other::---
```

Everything works fine and as expected.
The only problem is that dl_dep01_rw has "Full access". I want to deny "Take Ownership" and "Change Permissions".
Is this even possible?

EDIT1: I just added the last 3 values to my global section and removed the force-configuration. I can remove the "change permission" permission, but it has no effect: the user can still modify file and folder permissions.

Kind regards