Hai All, I have a setup with Samba share + ADS.. All my Windows XP machine is login to ADS Server also my samba share machine Everything working fine.. except some security permission, Users can access all share with out username and password.. once if they login to Windows2003 ADS. In almost all share I allow read write permission in group wise All my need is... who ever creating a file or folder... they must not be the owner only administer must be.. then only we can restrict the deletion of Valuable Data most of my share is more then 1000GB If I change the ownership from Linux with some scripts & crontab its creating a big accessing problem from WindowsXP systems and I have to setup all the security permission again from Windows.. Is there any way to create files and folders only with the ownership of administer and with stickybit permission Here is my correct samba share configuration... #=========================== Global Settings ===============================[global] workgroup = MYDOMAIN server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 security = ads encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no #=========================== Share Definitions ============================= #ldap idmap suffix = ou=emplist,dc=dqe,dc=com password server = 172.16.20.200 realm = MYDOMAIN.COM idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash template homedir = /home/%D/%U allow trusted domains = no idmap backend = idmap_rid:DQE=16777216-33554431 winbind use default domain = yes [vol08] path = /vol08_700 writable = yes public = yes nt acl support = yes create mask = 0755 security mask = 0755 inherit permissions = yes inherit acls = yes force security mode = 0 directory security mask = 0777 force directory security mode = 0 ============================================================================Please Share Your knowledge to solve this problem... Thank You in Advance, Regards, Jerrynikki.
Hai All, I have a setup with Samba share + ADS.. All my Windows XP machine is login to ADS Server also my samba share machine Everything working fine.. except some security permission, Users can access all share with out username and password.. once if they login to Windows2003 ADS. In almost all share I allow read write permission in group wise All my need is... who ever creating a file or folder... they must not be the owner only administer must be.. then only we can restrict the deletion of Valuable Data most of my share is more then 1000GB If I change the ownership from Linux with some scripts & crontab its creating a big accessing problem from WindowsXP systems and I have to setup all the security permission again from Windows.. Is there any way to create files and folders only with the ownership of administer and with stickybit permission Here is my correct samba share configuration... #=========================== Global Settings ===============================[global] workgroup = MYDOMAIN server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 security = ads encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no #=========================== Share Definitions =============================#ldap idmap suffix = ou=emplist,dc=dqe,dc=com password server = 172.16.20.200 <http://172.16.20.200> realm = MYDOMAIN.COM <http://MYDOMAIN.COM> idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash template homedir = /home/%D/%U allow trusted domains = no idmap backend = idmap_rid:DQE=16777216-33554431 winbind use default domain = yes [vol08] path = /vol08_700 writable = yes public = yes nt acl support = yes create mask = 0755 security mask = 0755 inherit permissions = yes inherit acls = yes force security mode = 0 directory security mask = 0777 force directory security mode = 0 ============================================================================Please Share Your knowledge to solve this problem... Thank You in Advance, -- regards, Jerrynikki -------------------------------------------------------------------------------
Something like this chown root /root/root chmod -R ug+s /root/root if I remember right ;) -- Med venlig hilsen / Kind Regards Daniel Hindbo Jensen Direkte Telefon / Direct Phone: +45 87 113 110 Ingeni?rfirmaet Poul Tarp A/S - http://www.tarp.dk/ <http://www.tarp.dk> Telek?den A/S - http://www.telekaeden.dk/ <http://www.telekaeden.dk> / http://www.tkmobil.dk <http://www.tkmobil.dk/>