Debian: Shared folder (ext4) over Samba

Posted: Tue Jun 23, 2015 7:44 pm
by peter_b
[PROBLEM]
I have an external USB hard disk mounted on my local Debian (6, Squeeze) machine, formatted with ext4.
Now I have a folder on that disk that I want to share over the network with another Debian (7, Wheezy) machine, so that users in a certain group can read/write files in that shared network folder.

Let's say the user on Debian6 is "user1" and "user2" on Debian7.
The group name is "inbox".

Sounds simple, but in this scenario the strict security of GNU/Linux filesystems gets a bit in the way.
  • Files written locally are written as user "user1" with "rwxr-xr-x" (0755)
  • Changing the default umask from "0022" to "0002" is not an option, because that would affect all files created by "user1". We want only the shared folder to be like that.
  • The files written into the shared folder by "user1" are written automatically (using rsync inside a PHP program).
  • When accessing the share over Samba on Debian7 (by "user2"), files/folders that were created by "user1" cannot be moved, due to 0755.
[SOLUTION]
I needed rights-inheritance for this.
Therefore, I finally took a look at Access Control Lists (ACLs).

It's actually quite easy for this use-case:

1) Install and enable ACLs on the partition where the shared folder resides:

$ apt-get install acl

Add the "acl" flag as mount option in /etc/fstab, and/or remount it to apply it on the fly:

$ mount -o remount,acl /mnt/my_shared_folder

2) Set the regular Unix permissions:

$ chown root:inbox /mnt/my_shared_folder

3) Assign the ACL group rights for the shared folder:

$ setfacl -m g:inbox:rwx /mnt/my_shared_folder

4) Now, do the same and define it as "default" (for inheritance), with the "-d" flag:

$ setfacl -d -m g:inbox:rwx /mnt/my_shared_folder

In my case, reading the ACLs of the shared folder (using "getfacl") looks like this:

# file: my_shared_folder/
# owner: root
# group: inbox
user::rwx
group::rwx
group:inbox:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:inbox:rwx
default:mask::rwx
default:other::r-x
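
Added example (not part of the original post): a Python check that takes the getfacl output quoted above and computes which rights group "inbox" effectively gets on a newly created file or directory, because the inherited mask is limited by the mode the creating program requests. The function names and the sample create modes are assumptions made for this illustration.

```python
# Constructed input: the getfacl output quoted in the post above.
GETFACL_OUTPUT = """\
# file: my_shared_folder/
# owner: root
# group: inbox
user::rwx
group::rwx
group:inbox:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:inbox:rwx
default:mask::rwx
default:other::r-x
"""

def perm_bits(text):
    """Convert 'r-x' style text to a 3-bit number (here 5)."""
    return sum(bit for ch, bit in zip(text, (4, 2, 1)) if ch != "-")

def perm_text(bits):
    return "".join(ch if bits & bit else "-" for ch, bit in zip("rwx", (4, 2, 1)))

def parse_default_acl(getfacl_text):
    """Return {(tag, qualifier): bits} for the 'default:' entries only."""
    acl = {}
    for line in getfacl_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop header and '#effective:' comments
        if not line.startswith("default:"):
            continue
        tag, qualifier, perms = line[len("default:"):].split(":")
        acl[(tag, qualifier)] = perm_bits(perms)
    return acl

def inherited_acl(default_acl, create_mode):
    """Access ACL of a new entry: the default ACL, limited by the requested mode (acl(5))."""
    acl = dict(default_acl)
    acl[("user", "")] &= (create_mode >> 6) & 7
    group_class = ("mask", "") if ("mask", "") in acl else ("group", "")
    acl[group_class] &= (create_mode >> 3) & 7  # mode group bits cap the mask
    acl[("other", "")] &= create_mode & 7
    return acl

def effective_group_rights(default_acl, group, create_mode):
    """Rights a named group really has on the new entry: its ACL entry ANDed with the mask."""
    acl = inherited_acl(default_acl, create_mode)
    mask = acl.get(("mask", ""), 7)
    return perm_text(acl[("group", group)] & mask)
```

With a default ACL on the parent directory the umask is not applied, but the mode the writing program passes still is: a directory created with mode 0o755 comes out as "r-x" for the group, so entries inside it still cannot be moved by other group members.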