>Would someone please help me with the "create mode/mask" settings and/or
>others if needed, or point me to some docs. In the following 2 examples, I
>cannot find the correct settings:
>I use the [netlogon] share, and edit logon scripts there from my Windows
>machine. The group gets set to my user name's group (mi), execute by others
>is not set, and I'm the only one for whom logon scripts are executed.
<I may not know what I'm talking about>
There are very specific permissions that must be set up for the files in the
netlogon share so that the client machine knows to execute them. You really
don't want the files to be writable at all from the [netlogon] share. That
entire share should be read-only, I believe. Note that UNIX permissions, such as
execute, have nothing to do with obvious meanings in a Windows environment.
</I may not know what I'm talking about>
Windows file attributes are mapped to UNIX permissions, but a file can be -x in
UNIX and still be 'executable' from Windows/DOS.
>What are the correct settings for this?
>
>A different case, probably also very classical, is the web server's share:
>
>It should be readable and executable by everybody, and writable by the
>@webmasters only.
That is an interesting one. I'm currently in the process of explaining to
my set of webmasters that they cannot use HTML editors that don't correct
links for relative addresses when they save their work to the FILE SERVER, and
want to browse it from the web server.
I'm assuming you are using a system similar to Linux, that is, users can be
in multiple groups at the same time (the id(2) cmd will verify that) and that
directories can be group sticky so that permissions will propagate to their
contents.
- Create a UNIX group named webusers or something
- Put all your webmaster people in the webusers group
- Do the following two commands:
$ find <path to public_html root> -type d -exec chmod 2775 {} \;
$ find <path to public_html root> -exec chgrp webusers {} \; \
-exec chmod 775 {} \;
The first one will make all directories sticky, user and group writable, and
publicly accessible. The second one makes all files and dirs owned by the
webusers group and user and group writable and publicly readable.
- use these parameters for your web accessible share:
[public_html]
read only = yes
; 'write ok' is a yes/no synonym for 'writeable'; a user/group list goes in 'write list'
write list = @webusers
force group = webusers
create mode = 0775
directory mode = 2775
Check those parameter names... I have a feeling that it may be 'force
directory mode'... Unfortunately, I don't have samba installed on my machines
at home, since they all run UNIX, so I can't easily check right now. But
that's the gist of it.
>How do I control the owner and group of a changed/created file, so it is
>not the individual user?
Use the 'force group', and 'create mode' parameters. I find it
helpful to not force user permissions, because then you can tell who it was that
last changed a file. Forcing a group, as above, is all I've ever needed.
I've never used the mask option, because on the shares where I've had to
enforce group permissions, it wasn't important that a file retain its
DOS attributes (system/hidden/readonly (which WinNT doesn't really enforce
anyway - I don't consider boxes like 'X is read-only, are you sure?'
to be enforcing attributes)). I do know there is a description of an application
of mode and mask parameters in the docs directory included with the source.
Andy.
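
An added example, not part of the original message: a small audit function to run after the find/chmod/chgrp commands above (and again later, to catch drift) that checks a web root against the scheme described in the reply: everything in the shared group, directories setgid, everything group-writable and nothing world-writable. The function name and the output labels are made up for this illustration.

```shell
#!/bin/sh
# audit_webroot ROOT GROUP
# Prints one line per deviation from the intended permission scheme and
# returns 1 if any deviation was found, 0 if the tree is clean.
# (Illustrative helper; the name and the labels are not from Samba or the post.)
audit_webroot() {
    root=$1
    group=$2
    out=$(
        # Symlinks are skipped: their own mode bits and group are not what
        # the server or Samba evaluates.
        # 1. Anything not owned by the shared group.
        find "$root" ! -type l ! -group "$group" \
            -exec printf 'wrong-group %s\n' {} \;
        # 2. Directories without the setgid bit, so new files created in
        #    them would not inherit the group on the UNIX side.
        find "$root" -type d ! -perm -2000 \
            -exec printf 'no-setgid %s\n' {} \;
        # 3. Entries the group cannot write to.
        find "$root" ! -type l ! -perm -0020 \
            -exec printf 'not-group-writable %s\n' {} \;
        # 4. World-writable entries: writing is meant for the group only.
        find "$root" ! -type l -perm -0002 \
            -exec printf 'world-writable %s\n' {} \;
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Called as `audit_webroot /path/to/public_html webusers`; the exit status makes it usable from cron or a deployment check.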