samba - Jan 2007 - Group permissions issue migrating from 2.2.8a to 3.0.23a

Hi, 

I have a share that worked fine in samba 2.2.8a, users were able to read and 
write to the share, and edit files. After migrating to 3.0.23a, users are no 
longer able to edit existing files.

Samba 2.2.8a config:
[sales]
        comment = SALES
        path = /home/netshare/sales
        read list = @purch, @shipping
        write list = @adm, @mgt, @sales, @vag, +hap
        force group = +sales
        create mask = 0664
        directory mask = 00
        force directory mode = 01775
        vfs object = /usr/local/samba/recycle.so
        vfs options = /etc/samba/salesrecycle.conf

Samba 3.0.23a config:
[sales]
        comment = SALES
        path = /home/netshare/sales
        read list = @purch, @shipping
        write list = @adm, @mgt, @sales, @vag, +hap
        force group = +sales
        create mask = 0664
        directory mask = 00
        force directory mode = 01775
        vfs objects = recycle:recycle
        recycle:repository = .recycle/%U
        recycle:keeptree = Yes
        recycle:touch = Yes
        recycle:versions = No

the directory the file is in has the following permissions:
drwxrwxr-t  3 tpw sales
the file has:
-rwxrw-r--  1 tpw sales

I can only edit the file as user tpw. In samba 2.2.8a, anyone in the sales 
group could edit the file.

Additionally, it seems that samba is changing the group to tpw when saving the 
file as user tpw. The unix group "sales" exists and the user
"tpw" is a
memeber of that group. Shouldn't the "force group = +sales" cause
the group
to be "sales" when the file is saved?

Has something changed with samba? If so, how do I need to configure this share 
to allow users in group sales to edit files?

Thanks, 
Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20070115/b43eb04d/attachment.bin

Thanks for the response Thomas, questions below...

On Monday 15 January 2007 2:13 pm, you wrote:
> Tim Wunder wrote:
> > I have a share that worked fine in samba 2.2.8a, users were able to
read
> > and write to the share, and edit files. After migrating to 3.0.23a,
users
> > are no longer able to edit existing files.
>
> I would use 3.0.23d - there were some changes in group behaviour.
>
> > Samba 3.0.23a config:
> > [sales]
> >         comment = SALES
> >         path = /home/netshare/sales
> >         read list = @purch, @shipping
>
> Try       read list = +purch, +shipping
>
> >         write list = @adm, @mgt, @sales, @vag, +hap
>
> Try       write list = +adm, +mgt, +sales, +vag, +hap
>
Changing the @ to a + seems to make no difference.
Also, according to the Help file that came with samba, the @ is the proper 
syntax:
"This is a list of users that are given read-write access to a service. If
the
connecting user is in this list then they will be given write access, no 
matter what the read only option is set to. The list can include group names 
using the @group syntax."
> >         force group = +sales
>
> Try       force group = sales
>
> > I can only edit the file as user tpw. In samba 2.2.8a, anyone in the
> > sales group could edit the file.
>
> You need the '+' as group flag now (tested with 3.0.23d).
>
> > Additionally, it seems that samba is changing the group to tpw when
> > saving the file as user tpw. The unix group "sales" exists
and the user
> > "tpw" is a memeber of that group. Shouldn't the
"force group = +sales"
> > cause the group to be "sales" when the file is saved?
>
> No. You must have no group flag (+) in 'force group' because
'force
> group' forces ... a group and not also users as in 'read list'
and
> 'write list' ;)
Again, according to the Help file, "In Samba 2.0.5 and above this parameter
has extended functionality in the following way. If the group name listed 
here has a '+' character prepended to it then the current user accessing
the
share only has the primary group default assigned to this group if they are 
already assigned as a member of that group."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20070115/761baa5d/attachment.bin