Conta Falsa 337
2009-May-15 13:27 UTC
[Samba] Newbie question - force file permission to user's secondary groups.
samba version is 3.0.28a-1ubuntu4.7 -- I created users on both samba and the linux system, and created 3 groups on the system. Each of these groups own a specific directory, the directory on the filesystem belongs to root.groupfoo. On my smb.conf I gave each of these groups write access to its directory (@groupfoo to the share /groupfoo). So now every linux user belonging to groupfoo can write there. The problem is, groupfoo is not the user's primary group, so the file is created with permission user1.user1, and not user1.groupfoo, therefore, other users belonging to groupfoo cannot edit or delete that file. I read smb.conf manual, but found no option to enforce that if the top directory belongs to root.groupfoo all files created under there will belong to "userxyz.groupfoo", so I set on the filesystem each of those 3 directories to be setgid, so now every file created under, say, /groupbar (belongs to root.groupbar), has this permission: userabc.groupbar. I would like that the file/directory created belongs to the user executing the operation, and to the toplevel group owning that share, since a user can belong to 2 or all of those 3 groups mentioned, knowing that every user does not have any of those 3 groups as primary group. Is this the right approach or did I misunderstood the manual and I should do this only on smb.conf and not have to enforce it on the filesystem? thanks for your time.
Liutauras Adomaitis
2009-May-15 13:32 UTC
[Samba] Newbie question - force file permission to user's secondary groups.
On Fri, May 15, 2009 at 4:27 PM, Conta Falsa 337 <contafalsa337@gmail.com> wrote:> samba version is ?3.0.28a-1ubuntu4.7 > -- > > I created users on both samba and the linux system, and created 3 groups on > the system. Each of these groups own a specific directory, the directory on > the filesystem belongs to root.groupfoo. On my smb.conf I gave each of these > groups write access to its directory (@groupfoo to the share /groupfoo). So > now every linux user belonging to groupfoo can write there. The problem is, > groupfoo is not the user's primary group, so the file is created with > permission user1.user1, and not user1.groupfoo, therefore, other users > belonging to groupfoo cannot edit or delete that file. I read smb.conf > manual, but found no option to enforce that if the top directory belongs to > root.groupfoo all files created under there will belong to > "userxyz.groupfoo", so I set on the filesystem each of those 3 directories > to be setgid, so now every file created under, say, /groupbar (belongs to > root.groupbar), has this permission: userabc.groupbar. I would like that the > file/directory created belongs to the user executing the operation, and to > the toplevel group owning that share, since a user can belong to 2 or all of > those 3 groups mentioned, knowing that every user does not have any of those > 3 groups as primary group. > > ?Is this the right approach ?or did I misunderstood the manual and I should > do this only on smb.conf and not have to enforce it on the filesystem? >Sounds to me this is a force group directive which should take care of this. Liutauras