From: Manuel W. <sch...@la...> - 2017-10-24 22:15:58
Maybe ACLs are more suited for improvising? ACLs are being inherited, and AFAIK they override POSIX. Put the AFP users in a group and give that group ACL permissions on the parent dir.

best
m

> On 24.10.2017 at 22:21, Herb Burnswell <her...@gm...> wrote:
>
> Hi,
>
> Is there a way to set the owner and group for newly created files and folders via afp.conf? In Samba it can be accomplished with:
>
> inherit owner = yes
>
> Is there something similar in netatalk?
>
> We're trying to create the files on the server (CentOS 7.3) with 0777 permissions and owned by root:root and dictate access via AD groups. The problem is when users create files and folders via AFP, the correct 0777 permissions are created but owner and group are the specific users':
>
> drwxrwsrwx 2 user.A domain users 4096 Oct 24 12:53 <directory>
>
> Even though the directory has 0777 permissions, "user.B" cannot write to the new directory with "user.A:domain users" user/group ownership. If we change the user and group to root:root on the new directory, all users can read and write to it.
>
> If we can dictate the new files and folders to have root:root users/group permissions, it should all be fine. This share has 20TB of data so ideally we'd like to find a solution that doesn't require using ACLs because so far it seems to be a nightmare with both SMB and AFP access.
>
> Can anyone provide some guidance?
>
> Thanks in advance - HB
>
> My afp.conf:
>
> [Global]
>
> vol preset = default_for_all_vol
> log file = /var/log/netatalk/netatalk.log
> log level = default:info
> spotlight = yes
> max connections = 500
> unix charset = UTF-8
> afp listen = 10.10.10.120
>
> save password= no
> set password= yes
> sleep time = 168
> vol dbpath = /var/lib/netatalk/CNID
>
> [default_for_all_vol]
>
> file perm = 0777
> directory perm = 0777
> cnid scheme = dbd
> vol charset = UTF-8
> ea = auto
> unix priv = yes
> stat vol = yes
> network ids = yes
>
> [share]
>
> path = /mnt/share
> valid users = "@group 1","@group 2","@group 3"
>
> _______________________________________________
> Netatalk-admins mailing list
> Net...@li...
> https://lists.sourceforge.net/lists/listinfo/netatalk-admins
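
The reply's suggestion (a group ACL on the parent directory that new entries inherit), sketched as an added example that is not part of the original thread. It assumes the Linux `setfacl`/`getfacl` tools and a filesystem with POSIX ACL support; the function names are hypothetical, and the directory and group are supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes setfacl/getfacl (package "acl")
# are installed and the filesystem is mounted with POSIX ACL support.

# Map a group name (spaces allowed, as in AD group names) or a gid to a gid.
resolve_gid() {
    case $1 in
        ''|*[!0-9]*) getent group "$1" | cut -d: -f3 ;;
        *)           printf '%s\n' "$1" ;;
    esac
}

# Give GROUP rwx on DIR and set the same entry as DIR's default ACL.
# Usage: grant_group_acl <dir> <group-or-gid>
grant_group_acl() (
    gid=$(resolve_gid "$2")
    [ -n "$gid" ] || { echo "unknown group: $2" >&2; exit 1; }
    # Access ACL: governs DIR itself.
    setfacl -m "g:${gid}:rwx" "$1" || exit 1
    # Default ACL: copied onto every file and directory created below DIR.
    setfacl -d -m "g:${gid}:rwx" "$1"
)

# Succeed if PATH has a named-group entry for GROUP whose effective rights
# include read and write (the ACL mask can reduce what an entry grants).
# Usage: group_has_rw <path> <group-or-gid>
group_has_rw() (
    gid=$(resolve_gid "$2")
    [ -n "$gid" ] || exit 1
    getfacl -n -c -p -e "$1" 2>/dev/null | awk -v gid="$gid" '
        $1 ~ ("^group:" gid ":") {
            eff = $1; sub(/^group:[0-9]+:/, "", eff)
            if ($2 ~ /^#effective:/) { eff = $2; sub(/^#effective:/, "", eff) }
            if (eff ~ /^rw/) found = 1
        }
        END { exit !found }'
)
```

Running `group_has_rw` against a file or folder created through the share afterwards shows whether the inherited entry actually grants the group write access there.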