debian-user:

I am attempting to set up a "group share" directory where any user (local or via Samba) can create, copy, and move files and directories and every other user has full access to those files and directories. This directory will be shared via Samba.


STFW I found various posts that demonstrate using ACLs to achieve the desired effect.


Here is a Bourne shell script that creates a system user (and group) "groupshare" and attempts to create a directory with the desired functionality "/mnt/z/data/GroupShare":

    #!/bin/sh

    set -o nounset
    set -o errexit

    DIR=/mnt/z/data/GroupShare
    USERNAME=groupshare

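    # Start from a clean slate: remove any previous user, group and directory.
    if grep -q "^$USERNAME:" /etc/passwd; then deluser --system "$USERNAME"; fi
    if grep -q "^$USERNAME:" /etc/group; then delgroup --system "$USERNAME"; fi
    if [ -d "$DIR" ]; then rm -rf "$DIR"; fi

    # Create the system user and group, then the shared directory.
    adduser --system --group --no-create-home "$USERNAME"
    mkdir "$DIR"
    chown "$USERNAME:$USERNAME" "$DIR"
    chmod 0777 "$DIR"
    chmod g+s "$DIR"    # new entries inherit the directory's group
    # Default ACL: entries created here get rwx for user, group, other and mask.
    setfacl -m d:u::rwx,d:g::rwx,d:o::rwx,d:m:rwx "$DIR"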


Running the script gives me a directory with the following ACL settings:

    $ getfacl /mnt/z/data/GroupShare
    getfacl: Removing leading '/' from absolute path names
    # file: mnt/z/data/GroupShare
    # owner: groupshare
    # group: groupshare
    # flags: -s-
    user::rwx
    group::rwx
    other::rwx
    default:user::rwx
    default:group::rwx
    default:mask::rwx
    default:other::rwx


The directory works as intended if I create files and directories -- e.g. the GroupShare default ACL is applied to the new files and directories:

    $ touch /mnt/z/data/GroupShare/foo

    $ mkdir /mnt/z/data/GroupShare/bar

    $ ll /mnt/z/data/GroupShare
    total 12
    drwxrwsrwx+ 3 groupshare groupshare 4096 2013/09/09 16:19:27 ./
    drwxr-xr-x  7 root       root       4096 2013/09/09 16:18:51 ../
    drwxrwsrwx+ 2 dpchrist   groupshare 4096 2013/09/09 16:19:27 bar/
    -rw-rw-rw-+ 1 dpchrist   groupshare    0 2013/09/09 16:19:20 foo


However, the directory doesn't work as intended if I copy or move files (and directories) -- e.g. the source document ACL overrides the GroupShare default ACL:

    $ touch foo2

    $ cp foo2 /mnt/z/data/GroupShare/.

    $ touch foo3

    $ mv foo3 /mnt/z/data/GroupShare/.

    $ ll /mnt/z/data/GroupShare
    total 12
    drwxrwsrwx+ 3 groupshare groupshare 4096 2013/09/09 15:58:52 ./
    drwxr-xr-x  7 root       root       4096 2013/09/09 15:57:50 ../
    drwxrwsrwx+ 2 dpchrist   groupshare 4096 2013/09/09 15:58:29 bar/
    -rw-rw-rw-+ 1 dpchrist   groupshare    0 2013/09/09 15:58:24 foo
    -rw-r--r--  1 dpchrist   dpchrist      0 2013/09/09 15:58:34 foo2
    -rw-r--r--  1 dpchrist   dpchrist      0 2013/09/09 15:58:45 foo3


Does anybody know how to force the GroupShare directory default ACL to be applied on copy and move?


TIA,

David
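
The following is an added example, not part of the original post: two shell functions that report, and then correct, entries in a share like the one above that arrived with their source ownership and permissions (as foo2 and foo3 did). It assumes GNU find and stat as shipped on Debian; the function names audit_share and repair_share are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU find and stat.

# List entries under share $1 that differ from the intended state:
# wrong group, group/other missing rw (rwx on directories), or a
# subdirectory without setgid. When a file has an ACL, the group bits
# of its mode show the ACL mask, so a restrictive mask is reported too.
audit_share() {
    gid=$(stat -c %g "$1")
    find "$1" -mindepth 1 \( \
        ! -gid "$gid" \
        -o -type d ! -perm -2077 \
        -o ! -type d ! -type l ! -perm -0066 \
    \) -print
}

# Bring the reported entries back in line. Run as root or as the owner
# of the files; the modes of symbolic links are left alone.
repair_share() {
    gid=$(stat -c %g "$1")
    find "$1" -mindepth 1 ! -gid "$gid" -exec chgrp -h "$gid" {} +
    find "$1" -mindepth 1 ! -type l -exec chmod g+rwX,o+rwX {} +
    find "$1" -mindepth 1 -type d -exec chmod g+s {} +
}
```

Run `audit_share /mnt/z/data/GroupShare` to see which entries deviate before deciding whether to run `repair_share` on the same path.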

