our suse6.4 linux server offers samba shares to win98 users on our local network. i would like to set the linux file permissions to -rwx,rw-,--- when a win98 app (e.g. MSExcel) writes a file to the samba share. how can i do this? gary jollymore gjollymore@cpscoop.com
Gary Jollymore wrote:> > our suse6.4 linux server offers samba shares to win98 users on our local > network. > > i would like to set the linux file permissions to -rwx,rw-,--- when a win98 > app (e.g. MSExcel) writes a file to the samba share. > > how can i do this? > > gary jollymore > gjollymore@cpscoop.comYou need to make all of your directories SGID, short for Set Group ID. Why do you want the excel file to be user executable? The file (excel,etc) isn't a unix program, and may create a security problem with text files (shell scripts) stored through samba. If you don't already give your users shell access. Now How to... cd to the dir that contains the files you want to affect as root, or the owner of all the files. #this will change the directory permissions find -type d -exec chmod u+rwx,g+rwxs,o-rwx "{}" ";" #this will change the file permissions #just to make sure they're all correct find -type f -exec chmod u+rw,g+rws,o-rwx "{}" ";" MF -- Mike Fedyk "They that can give up essential liberty Information Systems to obtain a little temporary safety Match Mail Productions Inc. deserve neither liberty nor safety." mfedyk@matchmail.com Ben Franklin
Gary Jollymore wrote:> > thanks for your quick reply. > > my goal is to have a certain three users access the samba share. Any of > these three users should be able both to create a file and to be able to > edit files created by the other two users. > > i was thinking of using the 'force create mode 0770' directive in smb.conf, > but it does not seem to work. > > w/r to your suggestion: if i use suid, will that introduce securty risks? > > also, tx for the point of "Why do you want the excel file to be user > executable?" > > gary >Setting a directory SGID only makes files created in that directory have the same group as the directory. You need to set the umask to 007 in your case. User and groups have access but "other" has no access. You also need to make sure that all users are in the group that the directory is set to, or change the directory's group. The idea is to have the unix semantics to do the work for you, in case you need more than just samba in the future. -- Mike Fedyk "They that can give up essential liberty Information Systems to obtain a little temporary safety Match Mail Productions Inc. deserve neither liberty nor safety." mfedyk@matchmail.com Ben Franklin