Hi people, I'd like to understand valid users and file permissions better. I have a share which is not behaving as I expect. [family] path = /home/shares/family create mask = 0664 directory mask = 0775 force group = parental guest ok = No valid users = @parental, @family writeable = Yes in Group parental are mum & dad; in group family are mum, dad and offspring. With file permissions of 0664 and force group parental, I would expect the offspring to be able to browse the share but not write to or delete from it. Unfortunately, they can both write and delete. How do I achieve this please? -- ------------------------------------------------------------------------ Kind Regards Kyle
On Mon, Oct 20, 2008 at 5:37 PM, Kyle <kl@attitia.com> wrote:> Hi people, > > I'd like to understand valid users and file permissions better. I have a > share which is not behaving as I expect. > > [family] > path = /home/shares/family > create mask = 0664 > directory mask = 0775 > force group = parental > guest ok = No > valid users = @parental, @family > writeable = Yes > > in Group parental are mum & dad; in group family are mum, dad and offspring. > > With file permissions of 0664 and force group parental, I would expect the > offspring to be able to browse the share but not write to or delete from it. > Unfortunately, they can both write and delete. >Since you are using the force group, I believe that means that everyone who connects to the share does that as the parental group so they get read and write permissions.> How do I achieve this please? >I would get rid of the force group and use acls on the *nux filesystem John
Simply removing force group and setting the dir's unix group owner to "parental". This should leave the children to read only> ----- Original Message ----- > From: "John Drescher" <drescherjm@gmail.com> > To: Kyle <kl@attitia.com> > Subject: Re: [Samba] valid users and file permissions > Date: Mon, 20 Oct 2008 17:45:30 -0400 > > > On Mon, Oct 20, 2008 at 5:37 PM, Kyle <kl@attitia.com> wrote: > > Hi people, > > > > I'd like to understand valid users and file permissions better. I have a > > share which is not behaving as I expect. > > > > [family] > > path = /home/shares/family > > create mask = 0664 > > directory mask = 0775 > > force group = parental > > guest ok = No > > valid users = @parental, @family > > writeable = Yes > > > > in Group parental are mum & dad; in group family are mum, dad and offspring. > > > > With file permissions of 0664 and force group parental, I would expect the > > offspring to be able to browse the share but not write to or delete from it. > > Unfortunately, they can both write and delete. > > > Since you are using the force group, I believe that means that > everyone who connects to the share does that as the parental group so > they get read and write permissions. > > > How do I achieve this please? > > > I would get rid of the force group and use acls on the *nux filesystem > > John > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba>-- Powered by Outblaze
I believe you'd need to add a line: write list = parents write list = mum dad I'm not sure if the top would work, anyone is samba group aware? The bottom should work but the problem would be if the members of the group were to change you'd have to change the smb.conf file too which isn't the cleanest solution. On Oct 20, 2008, at 11:37 PM, Kyle wrote:> Hi people, > > I'd like to understand valid users and file permissions better. I > have a share which is not behaving as I expect. > > [family] > path = /home/shares/family > create mask = 0664 > directory mask = 0775 > force group = parental > guest ok = No > valid users = @parental, @family > writeable = Yes > > in Group parental are mum & dad; in group family are mum, dad and > offspring. > > With file permissions of 0664 and force group parental, I would > expect the offspring to be able to browse the share but not write > to or delete from it. Unfortunately, they can both write and delete. > > How do I achieve this please? > -- > ------------------------------------------------------------------------ > Kind Regards > > Kyle > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba