Steve_Lyle/PlasticMoldings%PLASTICMOLDINGS@plasticmoldings.com
2003-Jun-19 21:23 UTC
[Samba] Win(yuck)NT
In migrating to Samba on FreeBSD from Win(yuck)NT, I've run into this
hitch.

Let us say I have 9 users named
User1, User2, User3, ... User9

User1 is a member of group wheel

User2 & User3 have the administrative task (add/change/delete) of managing
the content of the directory Dirc1 and all subordinate objects (files and
directories).

Dirc1 is the directory /usr/Shared/Dirc1. Only User1 will need to delete
Dirc1, but if it helps then User2 & User3 can also delete Dirc1.

All users can read anything in Dirc1 and all subordinate objects as well.

All users can contribute (add/change/delete) anything in the Everyone
directory which is /usr/Shared/Dirc1/Everyone

Shared is a Samba service.

As User2 & User3 add new objects subordinate to Dirc1 they are to retain
the permissions necessary to add/change/delete all current and new objects
in Dirc1.

All users can add/change/delete anything anywhere else in Shared

All end-user efforts are performed from Windows NT workstations.

(This is essentially what I have on an NT file system and would like to
maintain this structure to prevent confusion.)

Finally,
Samba ACL support is not compiled into Samba because that option is broken
between this version of FreeBSD and this version of Samba.

1) How do I configure the Shared, Dirc1 & Everyone directories in terms of
the Unix file permissions and ownerships to support this?

2) How do I configure the Shared service in Samba to support this?

3) How do I configure the User2 & User3?

4) What else will be necessary?

Steve_Lyle/PlasticMoldings%PLASTICMOLDINGS@plasticmoldings.com wrote:
>
> In migrating to Samba on FreeBSD from Win(yuck)NT, I've run into this
> hitch.
>
> Let us say I have 9 users named
> User1, User2, User3, ... User9
>
> User1 is a member of group wheel
>
> User2 & User3 have the administrative task (add/change/delete) of managing
> the content of the directory Dirc1 and all subordinate objects (files and
> directories).
>
> Dirc1 is the directory /usr/Shared/Dirc1. Only User1 will need to delete
> Dirc1, but if it helps then User2 & User3 can also delete Dirc1.
>
> All users can read anything in Dirc1 and all subordinate objects as well.
>
> All users can contribute (add/change/delete) anything in the Everyone
> directory which is /usr/Shared/Dirc1/Everyone
>
> Shared is a Samba service.
>
> As User2 & User3 add new objects subordinate to Dirc1 they are to retain
> the permissions necessary to add/change/delete all current and new objects
> in Dirc1.
>
> All users can add/change/delete anything anywhere else in Shared
>
> All end-user efforts are performed from Windows NT workstations.
>
> (This is essentially what I have on an NT file system and would like to
> maintain this structure to prevent confusion.)
>
> Finally,
> Samba ACL support is not compiled into Samba because that option is broken
> between this version of FreeBSD and this version of Samba.
>
>
> 1) How do I configure the Shared, Dirc1 & Everyone directories in terms of
> the Unix file permissions and ownerships to support this?

Create an admin group, and an everyone group - I've used "smbadmin" and "everyone". Then make /usr/Shared group owned by everyone, and group writable and *SGID*.

Make /usr/Shared/Dirc1/Everyone group owned by "everyone", group writable, and SGID.

Make /usr/Shared/Dirc1/ group owned by "smbadmin", and SGID.

> 2) How do I configure the Shared service in Samba to support this?

Something like this:-

    [dirc1]
        comment = Dirc1 general file share
        path = /usr/Shared/
        valid users = @everyone
        admin users = @smbadmin
        writeable = Yes
        create mask = 0755
        force create mode = 020
        directory mask = 02775
        force directory mode = 02070
        map system = Yes
        map hidden = Yes

> 3) How do I configure the User2 & User3?

Make them members of smbadmin.

> 4) What else will be necessary?

That should be about it, if I've understood what you're after correctly. The SGID bit governs file creation semantics, so this will work on an empty directory tree. If you copy a load of files across from NT, you'll have to go through all the directories recursively, setting the SGID bit as necessary.

HTH,
Mike.
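
The recursive pass described at the end of the reply, as an added example that is not part of the original thread: it re-applies the group ownership and SGID layout from answer 1 to a tree that already contains files, and lists any directory still missing the bit. The function names are this example's own, the two groups are passed as arguments (the reply used "smbadmin" and "everyone"), and ROOT/Dirc1/Everyone is assumed to exist already.

```shell
#!/bin/sh
# Added example, not from the thread. Group names are arguments; the reply
# used "smbadmin" and "everyone". Assumes ROOT/Dirc1/Everyone already exists.

# Print every directory under $1 that lacks the set-group-ID bit (02000).
list_missing_sgid() {
    find "$1" -type d ! -perm -2000 -print
}

# apply_layout ROOT ADMIN_GROUP EVERYONE_GROUP
apply_layout() {
    root=${1%/}; admin_grp=$2; all_grp=$3   # drop a trailing slash from ROOT
    dirc1=$root/Dirc1
    everyone=$dirc1/Everyone
    [ -d "$everyone" ] || { echo "missing: $everyone" >&2; return 1; }

    # Group ownership, outermost first so the inner subtrees override it.
    chgrp -R "$all_grp"   "$root"     || return 1
    chgrp -R "$admin_grp" "$dirc1"    || return 1
    chgrp -R "$all_grp"   "$everyone" || return 1

    # SGID on every directory (files are left untouched); the reply relies
    # on this bit for the group of newly created objects.
    find "$root" -type d -exec chmod g+s {} + || return 1

    # Group-writable: directories outside Dirc1, plus the Everyone subtree.
    # Dirc1 itself is only re-grouped and made SGID, as in the reply.
    find "$root" -path "$dirc1" -prune -o -type d -exec chmod g+w {} + || return 1
    find "$everyone" -type d -exec chmod g+w {} +
}
```

Run `apply_layout /usr/Shared smbadmin everyone` as root after the copy from NT, then `list_missing_sgid /usr/Shared` should print nothing.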