samba - Oct 2002 - Problems of groups accessing shared directory

Hello,

I have problems with people having different groups who access a shared
directory via samba.
The requirements are:
1. There are people with group "group1" and group "group2"
in /etc/passwd
2. 3 people from group "group1" and 2 people from group
"group2" are allowed
to access a shared directory and have read/write access to that directory.

Our solutions are:
1. We made a special additional group called "special" to classify
those
people, and add the entry in /etc/group like:
special:*:9000:person1,person2,person3,person4,person5

2. The name of the shared directory to be accessed via samba is
"ourdir",
the entry in smb.conf is like:
[ourdir]
comment = special group ourdir
path=/home/pub/ourdir
browseable=yes
writeable=yes
create mask=0664
directory mask=775
force directory mode=0511

3. In the linux system, the directory /home/pub/ourdir is chown to root and
chgrp to "special". The permission is 775, so that anyone belong to
the
"special" group has full control to the directory.
drwxrwxr-x     12 root    special    4096  Oct 29 17:15  ourdir

Problems came when person1 put/edit a file via samba (Windows Explorer), the
ownership of the file is person1.group1, instead of person1.special. In this
case, person4.group2 cannot edit the file (doesn't belong to the same
group).
How to make all files written or edited always belonging to group
"special"?
I have tried "force group = special" but it turned out anyone has
access to
the directory, eventhough they're not listed as member of group
"special" in
/etc/group.

Thank you very much for any replies.

-Qonita MS

On Thursday 31 October 2002 10:22 am, Qonita wrote:
> drwxrwxr-x     12 root    special    4096  Oct 29 17:15  ourdir
> How to make all files written or edited always belonging to group
> "special"? I have tried "force group = special" but it
turned out anyone
> has access to the directory, eventhough they're not listed as member of
> group "special" in /etc/group.
i would suggest here a:
chmod g+s ourdir

this will allow everything created under the ourdir directory to have the same 
group ownership as ourdir

-- 
Dimitrios Stergiou
System, Network and Security Administration Group
Intracom S.A

DISCLAIMER: Funny signature follows
-----------------------------------

Johnson's First Law:
	When any mechanical contrivance fails, it will do so at the
	most inconvenient possible time.

Qonita wrote:
>3. In the linux system, the directory /home/pub/ourdir is chown to root and
>chgrp to "special". The permission is 775, so that anyone belong
to the
>"special" group has full control to the directory.
>drwxrwxr-x     12 root    special    4096  Oct 29 17:15  ourdir
>
>Problems came when person1 put/edit a file via samba (Windows Explorer), the
>ownership of the file is person1.group1, instead of person1.special. In this
>case, person4.group2 cannot edit the file (doesn't belong to the same
>group).
>How to make all files written or edited always belonging to group
"special"?
>I have tried "force group = special" but it turned out anyone has
access to
>the directory, eventhough they're not listed as member of group
"special" in
>/etc/group.
After setting the group ownership, also set the sticky bit, ie :

chmod g+s <directory>

This tells Linux to use the group name of that directory, rather than 
the primary group of the user, when creating new files.

Simon

-- 
Simon Hobson, Technical Services Engineer
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101

Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.