I have an external USB harddisk mounted on my local Debian (6, Squeeze) machine, formatted with ext4.
Now I have a folder on that disk that I want to share over the network with another Debian (7, Wheezy) machine, so that users in a certain group can read/write files in that shared network folder.
Let's say the user on Debian6 is "user1" and "user2" on Debian7.
The group name is "inbox".
Sounds simple, but in this scenario the strict security of GNU/Linux filesystems gets a bit in the way.
- Files written locally are written as user "user1" with "rwxr-xr-x" (0755)
- Changing the default umask from "0022" to "0002" is not an option, because that would affect all files created by "user1". We want only the shared folder to be like that.
- The files written into the shared folder by "user1" are written automatically (using rsync inside a PHP program).
- When accessing the share over Samba on Debian7 (by "user2"), files/folders that were created by "user1" cannot be moved, due to 0755.
I needed rights-inheritance for this.
Therefore, I finally took a look at Access Control Lists (ACLs).
It's actually quite easy for this use-case:
1) Install and enable ACLs on the partition where the shared folder resides:
$ apt-get install acl
$ mount -o remount,acl /mnt/my_shared_folder
$ chown root:inbox /mnt/my_shared_folder
$ setfacl -m g:inbox:rwx /mnt/my_shared_folder
$ setfacl -d -m g:inbox:rwx /mnt/my_shared_folder
In my case, reading the ACLs of the shared folder (using "getfacl") looks like this:
# file: my_shared_folder/
# owner: root
# group: inbox
user::rwx
group::rwx
group:inbox:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:inbox:rwx
default:mask::rwx
default:other::r-x
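The inheritance rule behind the "default:" entries, as an added example that is not part of the original post: it models how a new file's ACL is derived from the directory's default ACL and the mode the creating program requests. The sample is a constructed copy of the getfacl listing, and the function names are illustrative.

```python
PERMS = "rwx"
# Constructed sample, modelled on the getfacl listing for the shared folder.
SAMPLE = """\
user::rwx
group::rwx
group:inbox:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:inbox:rwx
default:mask::rwx
default:other::r-x
"""

def parse_acl(text):
    """Split getfacl output into access and default entries keyed by (tag, qualifier)."""
    acl = {"access": {}, "default": {}}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop header and '#effective' comments
        if not line:
            continue
        kind = "access"
        if line.startswith("default:"):
            kind, line = "default", line[len("default:"):]
        tag, qualifier, perms = line.split(":")
        acl[kind][(tag, qualifier)] = {p for p in perms if p in PERMS}
    return acl

def inherit(default_acl, create_mode):
    """New file's access ACL: default ACL with owner, mask, other limited to create_mode (umask unused)."""
    def bits(shift):
        return {p for i, p in enumerate(PERMS) if create_mode >> (shift + 2 - i) & 1}
    new = {key: set(perms) for key, perms in default_acl.items()}
    new[("user", "")] &= bits(6)
    group_class = ("mask", "") if ("mask", "") in new else ("group", "")
    new[group_class] &= bits(3)
    new[("other", "")] &= bits(0)
    return new

def effective(acl, tag, qualifier):
    """Named entries and the owning group are capped by the mask entry."""
    mask = acl.get(("mask", ""))
    return acl[(tag, qualifier)] & mask if mask is not None else acl[(tag, qualifier)]

if __name__ == "__main__":
    for mode in (0o666, 0o777, 0o644):
        acl = inherit(parse_acl(SAMPLE)["default"], mode)
        print(oct(mode), "inbox:", "".join(sorted(effective(acl, "group", "inbox"))))
```

A file created with mode 0666 ends up with effective rw- for "inbox" regardless of the creating user's umask, while a file created with mode 0644 stays read-only for the group, because the mask entry is limited by the creation mode.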