[plug] permissions, samba, ACLs, etc?!

[Craig Ringer]

  > I recently noticed that when I saved a file to a samba shared 
directory while using the computer that is hosting the samba shares, 
that the file's permissions were set by the user's umask.  This is fine 
for the rest of the filesystem, but I want all files and directories 
created in the /pub/sambashare/ directory (on its own partition, by the 
way) to have the same permissions and group.

This can be done with a few directives in the samba config file. You can 
force all users to a single UNIX user for one share, or globally. man 
smb.conf .

> I've heard something called ACL's mentioned, but I don't have an understanding of quite what these are and how to determine if my ext3 FS under Redhat 8 is using them.  

Avoid ACLs unless you have to use them. They're nice at first, but get 
complicated and horrible to administer long-term. Just look at Windows 
file security - lovely at first, nightmarish for long term installations.

> Secondly, while it's okay for files to have permissions of 660, it's not okay for directories, right?  Without the directories having the executable bit set, their contents can't be viewed, correct?

Correct. Your umask should not mask out the execute bit, this will be 
done automatically when the system creates a file. In other words, if 
the umask allows the execute bit to be set, it will only create 
directories with the execute bit, not files.

> Is setting the group ID part even necessary here?  No user needs execute permissions on any of the files because none of them are linux executable scripts.

sgid directories are good for ensuring that all files created in the 
directory have the same gid, regardless of the login gid of the user who 
created the file. This is a good thing to keep for the behaviour that 
you want.

Craig Ringer