Hey folks, turning to the larger audience in search for new ideas… since POSIX is based on discretionary access control (meaning that the application/user have the final say), and after Samba 4 dropped the "force directory security mode" & Co. settings, we are finding it really hard to provide a good filesharing means between users of all platforms (shell, some desktop-environments, Windows, MacOSX) without constantly running into problems relating to the group permissions.
So far, I have not found any way to ensure that everyone using a CIFS share (or NFS, or Appletalk, or SSHFS, or Git, or whatever) is forced to leave the file repository in a state where all files and directories are owned by a shared group and have the g+rwX bits set. g+s on the directory (as well as the Samba "force directory mode" setting) do not affect existing files moved into the tree, which is what happens most of the time actually. ACLs also don't work, since they are ultimately governed by the group bits, which get interpreted as mask. Short of the sledgehammer approaches of using either a cronjob to brute-force permissions at regular intervals, or an incronjob to pave over any changes right when they happen, I am at a loss. And I'd like to avoid both those hacks because they are just ugly and spell trouble sooner or later, I am sure. How do solve this? Thanks for any insights, -- .''`. martin f. krafft <madduck@d.o> @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems "the intellect is not a serious thing, and never has been. it is an instrument on which one plays, that is all." -- oscar wilde
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
