Samba shares and permissions not working correctly

[pcteknikern]

Hi!

I have Zentyal 2.0.7 installed on a server for test purpose as a fileserver
And the following situation.

A share named Commonshare

A group called ITStaff that have Administrator permissions on the share
A group called Students that have Read and Write permissions on the share.

The problem is the following. Members of Students group can delete files and folders in the
share that the user himself didnt create. That shouldnt be possible, right? For example...a user in the ITStaff group creates a file or folder. And when i test as a user that is member of Students group he can delete the file or folder that the ITStaff member user had created...

Only a member of ITStaff with Administrator permissions on the share should be
able to do that??

A bug or something i have misunderstood? Otherwise there is no purpose of having both Read and Write permission and Administrator permission as a choise when assigning permissions to a group.

 

[tuxmania]

Hej,

Read and write gives you the permission to read, write and delete.
Admin gives you permission to read, write,delete and assign permissions to other users.

In your case the students should only have read rights to the folder you dont want them to be able to delete stuff in.

[pcteknikern]

Ok...

I thought that Read And Write permission was assigned to a user or group
to make them able to read and write to a directory and only being able to
delete or change files that the user himself created (that he is owner of).
Not files or folders that others created.

[eboxbuggy]

chmod 644 or add option create mask in smb.conf

this should prevent other users from deleting files that they don't own.

[UdoB]

The problem is the following. Members of Students group can delete files and folders in the share that the user himself didnt create.

This is the expected behavior. Please search for "sticky bit" and for "directory mask"/"create mask" in smb.conf.

You need to use the command line as this special feature is not available from zentyal front end as far as I know.

Best regards from Germany

[pcteknikern]

ok...thanks for the advice....

I just thought the warning descripion on the share settings page is misleading.

"Be careful if you grant administrator privileges.User will be able to read and write any file in the share"

It doesnt matter if you only have Read And Write permissions or Administrator privilegies. You can delete/change any files or folders anyway.