On Thu, 23 Oct 2003, Matt Beglinger wrote:
> Hello,
>
> I'm setting a PDC/fileserver for my company. All the files are being
> hosted on the Samba PDC server. We have a single company directory that
> everyone in the company has full access to. Inside the shared company
> directory is a directory (among many others) that I would only like
> certain users to be able to view. I know this is possible but here's
the
> problem:
>
> As far as I know, for everyone to share files happily I had to set the
> "force create mask" option to 0777. Without this option set
whenever an
> employee would save a Word document and another employee were to load
> that document it would load as "read only". If I manually changed
the
> permission to 777 for that file and that same employee were to reopen
> the file, it would open just fine without "read only" status.
That's
> where I got the idea of forcing permissions to 777.
>
> So maybe I'm going about this all the wrong way, but to recap:
>
> We have a company directory that we want all employees to be able to
> view/edit/change whatever. But there is a directory within this shared
> directory that we would only like a certain list of people to have
> access to. But I've found it necessary to "force create mask"
of 777
> because of the "read only" problem.
>
> Anyone have a idea. I'm stumped and haven't had any success yet.
Have you tried setting the user and group ownership of hte directory to
what you want, and then setting SUID/SGID on the dierectory? This way all
files in the directory get written with the ownership of the directory.
You can then have sub-directories that have differing user and group
ownership providing the exact effect you want.
Samba is share settings are a poor substitute for what is easily done in
the OS.
If you need further info check out the Samba-HOWTO.Collection.pdf for
Samba-3. It's available from the Samba Web site. You need to check the
chapter titled "File, Directory and Share Access Controls".
Cheers,
John T.
--
John H Terpstra
Email: jht@samba.org