samba - Aug 2003 - User directories and groups usage

Morning everyone.

I was playing around today with our PDC setup.
One thing I noticed is that when I setup users to have their 'My
Documents'
directory be /home/<user> everything works well.
One thing I noticed is that the directory, subdirectories and files have 
the owner of the user and the group as per assigned, and permissions as 700.

If I wanted to set it up so a specific group would get assigned the group 
for everyones /home/<user> as well as specific permissions, would I need
to
add something like the following to my smb.conf, under the homes section:

[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    force group = daffy
    force create mode = 770
    force directory mode = 440

Which should set the group to 'daffy' for all files and directories
created
as well as set the new files with 770 and new directories as 440.

That look about right?

Thanks.

Jason

At 10:30 14-8-03 -0700, you wrote:
>Morning everyone.
>
>I was playing around today with our PDC setup.
>One thing I noticed is that when I setup users to have their 'My 
>Documents' directory be /home/<user> everything works well.
>One thing I noticed is that the directory, subdirectories and files have 
>the owner of the user and the group as per assigned, and permissions as 700.
>
>If I wanted to set it up so a specific group would get assigned the group 
>for everyones /home/<user> as well as specific permissions, would I
need
>to add something like the following to my smb.conf, under the homes section:
>
>[homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
>    force group = daffy
>    force create mode = 770
This would make a file readable, writable AND executable for user/group 
owning the files

I would use:
create mask = 660
This wil not make files executable.
>    force directory mode = 440
This would make the directory readable only - not executable, so you can't 
see what's in it and its not writable.

I would use:
create mask = 0770
>Which should set the group to 'daffy' for all files and directories 
>created as well as set the new files with 770 and new directories as 440.
>
>That look about right?
nope - see above - may I ask how you got to 770 and especially 440 ?

To better understand this have a look at:
http://www.ctssn.com/linux/lesson6.html

Greetz,
Cor Lem

Hi yuo miss
if set directory create mode to 440 then this dir is exatly not axesible!
(rr-)
but force directory mode = 440 is only add mask parameter then clasic create
unix mask for user is OR with 440 and mask created unix is 700 + 440 = 740
and this is not axesible for group that need x atribute or wx if need write
to directory.
force create mode is OR for files but AND with create mask try read smb.conf
man.

Bye.

----- Original Message ----- 
From: "Jason Williams" <jwilliams@courtesymortgage.com>
To: <samba@lists.samba.org>
Sent: Thursday, August 14, 2003 7:30 PM
Subject: [Samba] User directories and groups usage

> Morning everyone.
>
> I was playing around today with our PDC setup.
> One thing I noticed is that when I setup users to have their 'My
Documents'
> directory be /home/<user> everything works well.
> One thing I noticed is that the directory, subdirectories and files have
> the owner of the user and the group as per assigned, and permissions as
700.
>
> If I wanted to set it up so a specific group would get assigned the group
> for everyones /home/<user> as well as specific permissions, would I
need
to
> add something like the following to my smb.conf, under the homes section:
>
> [homes]
>     comment = Home Directories
>     browseable = no
>     writable = yes
>     force group = daffy
>     force create mode = 770
>     force directory mode = 440
>
> Which should set the group to 'daffy' for all files and directories
created
> as well as set the new files with 770 and new directories as 440.
>
> That look about right?
>
> Thanks.
>
> Jason
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

At 12:28 14-8-03 -0700, you wrote:
>Actually, now that I look at what I was writing, I feel pretty embarassed 
>actually.
>I did not double check my work in a haste to post the message and run to a 
>meeting.
>
>It does look silly really: 770 and 440. :/
[snip]

so is my anwer - I made an error too - (
>Normally, i'm much more fluent with permissions. I was teseting out a
few
>things with my samba server recently and had some ideas floating around in 
>my head.
>What I wanted to do is make sure any files that are newly created in users 
>/home/<user> directory have a specific group assigned to it ( force
group
>= <group>)
>as well as certain permissions for the user and group.
>
>However, I do have one question:
>
>What is the difference between create mask and create mode? Are these two 
>similar? Nevermind, they are synonyms. :)
>Now, if I wanted to set certain permissions on newly created directories, 
>wouldn't I use directory mask or directory mode? For instance:
>
>directory mask = 0660
[snip]

correct - see below ...
(only 660 wil result in a directory which may NOT be entered (not executable))
>>>    force create mode = 770
>>
>>This would make a file readable, writable AND executable for user/group 
>>owning the files
>>
>>I would use:
>>create mask = 660
>>This wil not make files executable.
create mask is for FILES
>>>    force directory mode = 440
>>
>>This would make the directory readable only - not executable, so you 
>>can't see what's in it and its not writable.
>>
>>I would use:
>>create mask = 0770
my error - I ment directory mask

directory mask is for DIRS

this should be
directory mask = 0770
>>To better understand this have a look at:
>>http://www.ctssn.com/linux/lesson6.html

Hope this clears it up,

Greetz,
Cor Lem

ps
Next time, pls reply in the group - tia