Scott Shealy
2000-Nov-01 23:43 UTC
I need some clarification of groups(PDC and local unix groups)
(I have been searching for 2 days now for an answer so please forgive me if this has been answered many times) I am trying to set up a samba (2.0.7 on Linux 2.2.17) fileserver for our domain. It is not the PDC. What I want is to create a share that some people can only read and others can read and write. Currently what I have done is configured three local groups on the linux samba box. One group ntuser everyone is a member of and it is their primary group in the /etc/passwd. I have defined two other groups partime (for part time staff) and fulltime (for full time staff) and placed the appropriate people in them in the /etc/groups file. I want the partime people to only be able to read and the full time people to read and write all files in that share.

Here is what I tried

[global]
    workgroup = OURDOMAIN
    server string = OURSamba Server
    security = domain
    password server = ourpdc

[IntraNet]
    comment = IntraNet
    path = /IntraNet
    admin users = adminnt
    valid users = @ntuser
    read only = yes
    write list = @fulltime
    force create mode = 0774
    force directory mode = 0775

But this doesn't work right. The domain stuff seems to be working ok. Other simpler shares are working fine with domain authentication. Can anybody tell me how to accomplish this? Does Samba ignore local groups when security=domain? Does it only look in the primary group (the one set in /etc/passwd)? Anyway, I am missing something here. Could someone please explain this to me?

Thanks,
Scott Shealy
Mike Fedyk
2000-Nov-02 03:23 UTC
I need some clarification of groups(PDC and local unix groups)
Scott Shealy wrote:
>
> (I have been searching for 2 days now for an answer so please forgive me if
> this has been answered many times) I am trying to set up a samba (2.0.7 on Linux
> 2.2.17) fileserver for our domain. It is not the PDC. What I want is to
> create a share that some people can only read and others can read and write.
> Currently what I have done is configured three local groups on the linux
> samba box. One group ntuser everyone is a member of and it is their primary
> group in the /etc/passwd. I have defined two other groups partime (for part
> time staff) and fulltime (for full time staff) and placed the appropriate
> people in them in the /etc/groups file. I want the partime people to only
> be able to read and the full time people to read and write all files in that
> share.
>
> Here is what I tried
> [global]
>
> workgroup = OURDOMAIN
>
> server string = OURSamba Server
> security = domain
> password server = ourpdc
>
> [IntraNet]
> comment = IntraNet
> path = /IntraNet
> admin users = adminnt
> valid users = @ntuser
> read only = yes
> write list = @fulltime
> force create mode = 0774
> force directory mode = 0775
>
> But this doesn't work right. The domain stuff seems to be working ok. Other
> simpler shares are working fine with domain authentication. Can anybody tell
> me how to accomplish this? Does Samba ignore local groups when
> security=domain? Does it only look in the primary group (the one set in
> /etc/passwd)? Anyway, I am missing something here. Could someone please
> explain this to me?
>
> Thanks,
> Scott Shealy

Great, that's fine, as far as I can see, but you have neglected the unix permissions.

find /IntraNet -type f -exec chmod 664 "{}" ";" -exec chgrp fulltime "{}" ";"
find /IntraNet -type d -exec chmod 2775 "{}" ";" -exec chgrp fulltime "{}" ";"

The directories are SGID because you want the files created within to have the same group as the directory, otherwise you would have files grouped to ntuser instead of fulltime.

If you don't trust the commands, read the manual for find.

--
Mike Fedyk                   "They that can give up essential liberty
Information Systems           to obtain a little temporary safety
Match Mail Productions Inc.   deserve neither liberty nor safety."
mfedyk@matchmail.com                                    Ben Franklin
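
Added example, not part of either message: a small audit that checks a share tree against the layout described in the reply above (files 664, directories 2775 with SGID, everything in the writers' group). The function names audit_share and apply_layout and the temporary demo tree are assumptions made for this example; on the real share the arguments would be /IntraNet and fulltime.

```shell
#!/bin/sh
# Added example: verify the Unix side of the share layout from the thread.

# audit_share ROOT GROUP
# Prints one line per path that deviates from the layout; prints nothing if clean.
audit_share() {
    # Regular files whose mode is not exactly rw-rw-r-- (664)
    find "$1" -type f ! -perm 664 | sed 's/^/file-mode /'
    # Directories whose mode is not exactly rwxrwsr-x (2775, SGID set)
    find "$1" -type d ! -perm 2775 | sed 's/^/dir-mode /'
    # Files or directories that belong to some other group
    find "$1" \( -type f -o -type d \) ! -group "$2" | sed 's/^/group /'
}

# apply_layout ROOT GROUP
# Same modes and group as the two find commands in the reply. chgrp runs
# before chmod here so the SGID bit is set once the group is final.
apply_layout() {
    find "$1" -type f -exec chgrp "$2" {} \; -exec chmod 664 {} \;
    find "$1" -type d -exec chgrp "$2" {} \; -exec chmod 2775 {} \;
}

# Constructed demo on a throwaway tree, using the caller's own primary
# group (numeric gid) so it runs without root or a "fulltime" group.
demo() {
    tmp=$(mktemp -d) || return 1
    gid=$(id -g)
    mkdir -p "$tmp/docs"
    : > "$tmp/docs/report.txt"
    chmod 600 "$tmp/docs/report.txt"
    chmod 755 "$tmp/docs"
    echo "before:"; audit_share "$tmp" "$gid"
    apply_layout "$tmp" "$gid"
    echo "after:";  audit_share "$tmp" "$gid"
    rm -rf "$tmp"
}

demo
```

An empty "after:" section means every file and directory matches; any line that appears names the path and which of the three checks it failed.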