dpgirago@mdanderson.org
2003-Nov-25 17:32 UTC
[Samba] Multiple Users On One Share With Permissions=755 for Created Files
Howdy Samba Group, I'm about 2 clicks away from being a total Samba newbie, but I did manage to get one up and running on RH9 in a W2K / Novell for Windows environment. The shares are set up like this: -- each member of the group has a private share accessible only from their desktops -- a common share, 'research ', accessible to any member of the research group from any of the computers belonging to any of these members -- a guest share accessible from anywhere in our subnet ( by anyone who knows the username and password, of course ). And now I've been asked to set up -- or alter the config file for -- a share for members of the research group whereby each member can create files with RWX for themselves but others can only R - X . This is to allow joint code development in the group. But not only do I not know how to do this, I'm not sure it can even be done. Don't you access a share by supplying a username and password, and wouldn't that then identify each connection as that particular user? If so, then all files created would essentially have been done so by the same user, no? If anyone can confirm or contradict my thinking, or point me in the right direction conceptually, I'd be much obliged. TIA, dave
Ed Holden
2003-Nov-25 18:26 UTC
[Samba] Multiple Users On One Share With Permissions=755 for Created Files
Dave, I think the best way to set this up is not with a Samba feature, but rather with UNIX permissions on your Red Hat server. Generally a shared directory needs a group "sticky bit" on the parent directory to be really useful. So you'd make your research directory owned by root and by a group that we'll call "research." # ls -l drwxrwx--- root research Then you'd add the sticky bit: # chmod g+s research # ls -l drwxrws--- root research Note the "s." The x is still there; if it weren't the S would be capitalized. On directories a group sticky bit will cause amy newly-created contents to inherit the group of the parent directory. So the ownership will be for each individual, but the group will be research, allowing everyone in that group to share files. You should do that for all of your shared directories, including this one. For this particular directory you should also use a mask on the share. [sharename] create mask = 0750 directory mask = 0770 This will cause created files to be mode 750, which is rwxr-x---. The directory mask allows people to create subdirectories that can then have files added to it. Try that and see if it works. -Ed :: Ed Holden :: Administrator, Research Information Systems :: McLean Hospital dpgirago@mdanderson.org wrote:> Howdy Samba Group, > > I'm about 2 clicks away from being a total Samba newbie, but I did manage > to get one up and running on RH9 in a W2K / Novell for Windows > environment. > The shares are set up like this: > > -- each member of the group has a private share accessible only from > their desktops > -- a common share, 'research ', accessible to any member of the research > group from any of the computers belonging to any of these members > -- a guest share accessible from anywhere in our subnet ( by anyone who > knows the username and password, of course ). > > And now I've been asked to set up -- or alter the config file for -- a > share for members of the research group whereby each member can create > files with RWX for themselves but others can only R - X . This is to allow > joint code development in the group. But not only do I not know how to do > this, I'm not sure it can even be done. Don't you access a share by > supplying a username and password, and wouldn't that then identify each > connection as that particular user? If so, then all files created would > essentially have been done so by the same user, no? > > If anyone can confirm or contradict my thinking, or point me in the right > direction conceptually, I'd be much obliged. > > TIA, > > daveAny information, including protected health information (PHI), transmitted in this email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential and or exempt from disclosure under applicable Federal or State law. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon, protected health information (PHI) by persons or entities other than the intended recipient is prohibited. If you received this email in error, please contact the sender and delete the material from any computer.