Debian: Shared folder (ext4) over Samba


Post by peter_b

[PROBLEM]
I have an external USB harddisk mounted on my local Debian (6, Squeeze) machine, formatted with ext4.
Now I have a folder on that disk that I want to share over the network with another Debian (7, Wheezy) machine, so that users in a certain group can read/write files in that shared network folder.

Let's say the user on Debian6 is "user1" and "user2" on Debian7.
The group name is "inbox".

Sounds simple, but in this scenario the strict security of GNU/Linux filesystems gets a bit in the way.
  • Files written locally are written as user "user1" with "rwxr-xr-x" (0755)
  • Changing the default umask from "0022" to "0002" is not an option, because that would affect all files created by "user1". We want only the shared folder to be like that.
  • The files written into the shared folder by "user1" are written automatically (using rsync inside a PHP program).
  • When accessing the share over Samba on Debian7 (by "user2"), files/folders that were created by "user1" cannot be moved, due to 0755.

[SOLUTION]
I needed rights-inheritance for this.
Therefore, I finally took a look at Access Control Lists (ACLs).

It's actually quite easy for this use-case:

1) Install and enable ACLs on the partition where the shared folder resides:

    $ apt-get install acl

Add the "acl" flag as a mount option in /etc/fstab, and/or remount it to apply it on the fly:

    $ mount -o remount,acl /mnt/my_shared_folder

2) Set the regular Unix permissions:

    $ chown root:inbox /mnt/my_shared_folder

3) Assign the ACL group rights for the shared folder:

    $ setfacl -m g:inbox:rwx /mnt/my_shared_folder

4) Now, do the same and define it as "default" (for inheritance), with the "-d" flag:

    $ setfacl -d -m g:inbox:rwx /mnt/my_shared_folder

In my case, reading the ACLs of the shared folder (using "getfacl") looks like this:

    # file: my_shared_folder/
    # owner: root
    # group: inbox
    user::rwx
    group::rwx
    group:inbox:rwx
    mask::rwx
    other::r-x
    default:user::rwx
    default:group::rwx
    default:group:inbox:rwx
    default:mask::rwx
    default:other::r-x
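
A check for the setup above, added here as an example and not part of the original post: it reads "getfacl" output and reports what the "inbox" group really gets once the ACL mask is applied, for both the access ACL and the inherited default ACL. The function names are hypothetical and the second sample (a file created with mode 0644, whose mask then becomes r--) is constructed.

```shell
# Effective rights of named group $1 in the "access" or "default" ACL ($2),
# read from getfacl output on stdin (entry AND mask); status 1 if no entry.
effective_group_perms() {
    awk -v grp="$1" -v section="$2" '
        /^#/ || /^$/ { next }
        {
            line = $0
            sub(/[ \t]*#.*$/, "", line)          # drop "#effective:" comments
            is_default = (index(line, "default:") == 1)
            if (is_default != (section == "default")) next
            if (is_default) line = substr(line, 9)
            split(line, f, ":")
            if (f[1] == "group" && f[2] == grp) entry = f[3]
            if (f[1] == "mask") mask = f[3]
        }
        END {
            if (entry == "") exit 1
            if (mask == "") mask = "rwx"
            for (i = 1; i <= 3; i++) {
                c = substr(entry, i, 1)
                out = out ((c != "-" && c == substr(mask, i, 1)) ? c : "-")
            }
            print out
        }'
}

# Succeeds only if group $1 keeps rwx in both ACL sections of getfacl text $2.
audit_share() {
    for section in access default; do
        perms=$(printf '%s\n' "$2" | effective_group_perms "$1" "$section") || perms=missing
        [ "$perms" = "rwx" ] || { echo "$section: $perms"; return 1; }
    done
    echo "ok"
}

# Group and mask entries from the getfacl output shown in the post.
SHARE_ACL='group::rwx
group:inbox:rwx
mask::rwx
default:group::rwx
default:group:inbox:rwx
default:mask::rwx'

# Constructed sample: a file created with mode 0644 inside the share.
FILE_ACL='group::rwx   #effective:r--
group:inbox:rwx   #effective:r--
mask::r--'

audit_share inbox "$SHARE_ACL"
printf '%s\n' "$FILE_ACL" | effective_group_perms inbox access
```

On a live system the same check can be fed directly, e.g. `audit_share inbox "$(getfacl /mnt/my_shared_folder)"`.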

