Scott Shealy
2000-Nov-02 20:31 UTC
I need some clarification of groups (PDC and local unix groups)
Ok I did that... and that makes complete sense but it is still not working. Users in the fulltime group are able to read from the directory but they are not able to write in the directories. Remember these users' primary group (the one in the /etc/passwd file) is ntuser.

Thanks,
Scott

-----Original Message-----
From: Mike Fedyk [mailto:mfedyk@matchmail.com]
Sent: Wednesday, November 01, 2000 10:24 PM
To: Scott Shealy
Cc: 'samba@lists.samba.org'
Subject: Re: I need some clarification of groups(PDC and local unix groups)

Scott Shealy wrote:
>
> (I have been searching for 2 days now for an answer so please forgive me if
> this has been answered many times)
>
> I am trying to set up a samba (2.0.7 on Linux 2.2.17) fileserver for our
> domain. It is not the PDC. What I want is to create a share that some
> people can only read and others can read and write.
>
> Currently what I have done is configured three local groups on the linux
> samba box. One group ntuser everyone is a member of and it is their primary
> group in the /etc/passwd. I have defined two other groups partime (for part
> time staff) and fulltime (for full time staff) and placed the appropriate
> people in them in the /etc/groups file. I want the partime people to only
> be able to read and the full time people to read and write all files in that
> share.
>
> Here is what I tried
> [global]
>
> workgroup = OURDOMAIN
>
> server string = OURSamba Server
> security = domain
> password server = ourpdc
>
> [IntraNet]
> comment = IntraNet
> path = /IntraNet
> admin users = adminnt
> valid users = @ntuser
> read only = yes
> write list = @fulltime
> force create mode = 0774
> force directory mode = 0775
>
> But this doesn't work right. The domain stuff seems to be working ok. Other
> simpler shares are working fine with domain authentication. Can anybody tell
> me how to accomplish this? Does Samba ignore local groups when
> security=domain? Does it only look in the primary group (the one set in
> /etc/passwd)? Anyway I am missing something here. Could someone please
> explain this to me.
>
> Thanks,
> Scott Shealy

Great, that's fine, as far as I can see, but you have neglected the unix permissions.

find /IntraNet -type f -exec chmod 664 "{}" ";" -exec chgrp fulltime "{}" ";"
find /IntraNet -type d -exec chmod 2775 "{}" ";" -exec chgrp fulltime "{}" ";"

The directories are SGID because you want the files created within to have the same group as the directory, otherwise you would have files grouped to ntuser instead of fulltime.

If you don't trust the commands, read the manual for find.

--
Mike Fedyk                   "They that can give up essential liberty
Information Systems           to obtain a little temporary safety
Match Mail Productions Inc.   deserve neither liberty nor safety."
mfedyk@matchmail.com          Ben Franklin
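
An added example, not part of the original thread: shell functions that check a share tree against the layout given in the reply above (664 for files, 2775 for directories, one owning group) and list whatever deviates, which is a quick way to confirm the Unix side before looking further at Samba. The function names and the sample tree are assumptions; the demo uses the caller's own primary gid in place of fulltime so it runs where that group does not exist.

```shell
#!/bin/sh
# Added example; function names are hypothetical. The modes (664 / 2775)
# and the single-owning-group layout come from the reply in the thread.

# List entries that deviate from the layout: files missing any bit of 664,
# directories missing any bit of 2775 (setgid + rwxrwxr-x), or either one
# not owned by GROUP. Returns 1 if anything is listed, 0 if the tree is clean.
audit_share() {
    root=$1; group=$2
    findings=$(find "$root" \( \
        \( -type f ! -perm -0664 \) -o \
        \( -type d ! -perm -2775 \) -o \
        \( \( -type f -o -type d \) ! -group "$group" \) \
    \) -print)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Apply the layout. chgrp runs first: an unprivileged chmod silently drops
# the setgid bit when the caller is not a member of the file's current group.
fix_share() {
    root=$1; group=$2
    find "$root" \( -type f -o -type d \) -exec chgrp "$group" {} \;
    find "$root" -type f -exec chmod 664 {} \;
    find "$root" -type d -exec chmod 2775 {} \;
}

# Constructed sample tree: group members can read but not write anything.
build_sample() {
    mkdir -p "$1/docs"
    : > "$1/docs/readonly.txt"
    chmod 755 "$1" "$1/docs"
    chmod 644 "$1/docs/readonly.txt"
}

# Run with --demo to see the audit before and after the fix.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d); gid=$(id -g)
    build_sample "$tmp"
    audit_share "$tmp" "$gid" || echo "(entries above need fixing)"
    fix_share "$tmp" "$gid" && audit_share "$tmp" "$gid" && echo "clean"
    rm -rf "$tmp"
fi
```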