Here is my scenario: I have two directories that have their access controlled by secondary groups of the users. \\server\coolguys is available to the group 'admins' while the directory \\server\averagejoes is accessible to the group 'lusers'. I have a user, we'll call him joe, that is primarily in the admins group, but is also in lusers. If joe is to copy a directory or a set of files from coolguys and place it into averagejoes, the directory still has the gid info from admins. This causes a problem for 95% of the people in lusers as they can't touch the directory. The three inherit flags that are listed seem to work on everything else but group membership. Is there a way that I can get an inherit group-style option to work? Using forcegroup doesn't work so hot because in the actual situation, there are more layers below the share that have their own group restrictions. \\server\averagejoes\accountants and \\server\averagejoes\consultants can both have corresponding group flags set to deny access to other than the proper group flags. ------------------------------------------------------------------ Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Systems Architect Fax: 701-281-1322 URL: www.ae-solutions.com mailto: pgienger@ae-solutions.com
On Mon, Oct 24, 2005 at 09:34:14AM -0500, Paul Gienger wrote:> Here is my scenario: > > I have two directories that have their access controlled by secondary groups > of the users. \\server\coolguys is available to the group 'admins' while > the directory \\server\averagejoes is accessible to the group 'lusers'. I > have a user, we'll call him joe, that is primarily in the admins group, but > is also in lusers. If joe is to copy a directory or a set of files from > coolguys and place it into averagejoes, the directory still has the gid info > from admins. This causes a problem for 95% of the people in lusers as they > can't touch the directory. > > The three inherit flags that are listed seem to work on everything else but > group membership. Is there a way that I can get an inherit group-style > option to work?I didn't add an inherit group option because the UNIX filesystem can already do this without Samba. Read up on setting the SGID bit on a directory (BSD semantics requested) which causes new files to inherit the group from the directory not the file. Jeremy.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Gienger wrote: | The three inherit flags that are listed seem to work on | everything else but group membership. This is a Unix thing. Just set the group id bit on the parent directory (chmod g+s dir) cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "There's an anonymous coward in all of us." --anonymous -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDXS4QIR7qMdg1EfYRAgiIAKCgUF96/zUymWNusZmen3CpAOQYPQCffaQG MV6Dr9CmgSjo9lFTA00gRmA=vtMg -----END PGP SIGNATURE-----