Hi, All.
I'm running Samba 2.0.7 under VA Linux (RedHat 6.2). As is common, I have a
number of shares created that should be available only to certain groups.
For example:
[cmplianc]
comment = Compliance share
path=/home/groups/cmplianc
valid users = @cmplianc, @it
public = No
writable = Yes
printable = No
And this is fine. Then they wish to have certain files within that share to
have the DOS/Windows read-only attribute set, so I add the lines:
map hidden = Yes
map system = Yes
map archive = Yes
to the [Global] section.
But that doesn't seem to be enough. If the Linux owner of the document
wishes to update the attributes, it works, but if anyone else in the group
(and the group is set appropriately on the file) needs to modify the
document, they cannot. So, I add this to the share:
force user = cmplianc
and create a "user" called "cmplianc". Now it works, but at
the expense of
the actual user name as Linux owner of the file. Everyone in the group
becomes user "cmplianc" for that share. I can live with that, but is
there
a way to preserve the Linux user name as owner and still provide the groups
sharing of files AND allow the DOS/Windows attributes to be honored?
Also, I've been asked to provide similar functionality to the Public share;
that is, allow users to set the read-only attributes on some of the files in
the Public share. I've tried a similar approach: create a dummy Linux user
called "public" and added "force user = public" to the
[public] share, but
it doesn't seem to work here. The permissions on the directory are:
drwxrwxr-x 20 public users 4096 Oct 12 10:39 /home/public
What am I missing? Thanks in advance. A more complete view of smb.conf is
below.
-Bill
[global]
workgroup = ORGANICS
netbios name = LINUX02
server string = Samba Server
security = DOMAIN
domain logons = No
encrypt passwords = Yes
password server = *
log file = /var/log/samba/log.%m
max log size = 50
username map = /etc/smbusermap.conf
domain master = No
local master = No
preferred master = No
os level = 0
announce as = NT Workstation
announce version = 4.0
socket options = TCP_NODELAY, SO_KEEPALIVE
keepalive = 0
message command=/usr/bin/linpopup "%f" "%m" %s; rm
%s
guest account = smbuser
create mask = 0777
directory mask = 0777
hosts allow = localhost, 10.111.1.0/255.255.255.0
print command = lpr -r -P%p %s
printer driver file = /home/samba/printer/printers.def
map hidden = Yes
map system = Yes
map archive = Yes
[public]
comment = Public
path = /home/public
writeable = Yes
guest ok = Yes
force user = public
[cmplianc]
comment = Compliance share
path=/home/groups/cmplianc
valid users = @cmplianc, @it
public = No
writable = Yes
printable = No
force user = cmplianc
Bill, On Thu, 12 Oct 2000 10:51:52 -0500, Bill Grzanich wrote:>[...] So, I add this to the share: > > force user = cmplianc > >and create a "user" called "cmplianc". Now it works, but at the >expense of the actual user name as Linux owner of the file. Everyone >in the group becomes user "cmplianc" for that share. I can live with >that, but is there a way to preserve the Linux user name as owner and >still provide the groups sharing of files AND allow the DOS/Windows >attributes to be honored?Loud and clear: No. "force user = x" means Samba will act as x. Point.>Also, I've been asked to provide similar functionality to the Public >share; that is, allow users to set the read-only attributes on some >of the files in the Public share. I've tried a similar approach: >create a dummy Linux user called "public" and added "force user = >public" to the [public] share, but it doesn't seem to work here.>[public] > comment = Public > path = /home/public > writeable = Yes > guest ok = Yes > force user = public >[cmplianc] > comment = Compliance share > path=/home/groups/cmplianc > valid users = @cmplianc, @it > public = No > writable = Yes > printable = No > force user = cmpliancI cannot explain the latter issue, but look at the differences: [public} has "guest ok = yes", [cmplianc] has "public = no" (synonym to "guest ok"). I'm not quite sure as whom Samba will act with "guest ok = yes" but you might try to set "guest ok = no" on [public] and make sure every file is owned by user public. Regards, Robert -- --------------------------------------------------------------- Robert.Dahlem@gmx.net Fax +49-69-432647 --------------------------------------------------------------- Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email software; far better than Outlook. Try it sometime.
On Thu, 12 Oct 2000 10:51:52 -0500, Bill Grzanich wrote:>[...] So, I add this to the share: > > force user = cmplianc > >and create a "user" called "cmplianc". Now it works, but at the >expense of the actual user name as Linux owner of the file. Everyone >in the group becomes user "cmplianc" for that share. I can live with >that, but is there a way to preserve the Linux user name as owner and >still provide the groups sharing of files AND allow the DOS/Windows >attributes to be honored?Sure: you use groups instead, and set the permissions so that group write will always be granted. If your users are in different groups, and you want everyone to access that share, you can also use force group.>Also, I've been asked to provide similar functionality to the Public >share; that is, allow users to set the read-only attributes on some >of the files in the Public share.The persons setting the attribute will need read-write access to the directory the files are in... Hmmn: is this the right question? DOS provided the read-only bit to users so they could protect their files against the user accidentally writing them. Unix provides permissions to keep **other** users from writing them. I think we have a mismatch! Why do your users want to make these file read-only and public? --dave -- David Collier-Brown, | Always do right. This will gratify some people 185 Ellerslie Ave., | and astonish the rest. -- Mark Twain Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb@canada.sun.com