Read-only and shares

Bill Grzanich organix4 at mindspring.com
Mon Oct 16 15:03:37 GMT 2000 

Hi, David.

----- Original Message -----
From: "David Collier-Brown" <David.Collier-Brown at canada.sun.com>
To: "Bill Grzanich" <organix4 at mindspring.com>; <samba at us4.samba.org>
Sent: Friday, October 13, 2000 6:56 AM
Subject: Re: Read-only and shares


> On Thu, 12 Oct 2000 10:51:52 -0500, Bill Grzanich wrote:
>
> >[...] So, I add this to the share:
> >
> >        force user = cmplianc
> >
> >and create a "user" called "cmplianc".  Now it works, but at the
> >expense of the actual user name as Linux owner of the file.  Everyone
> >in the group becomes user "cmplianc" for that share.  I can live with
> >that, but is there a way to preserve the Linux user name as owner and
> >still provide the groups sharing of files AND allow the DOS/Windows
> >attributes to be honored?
>
> Sure: you use groups instead, and set the
> permissions so that group write will always be
> granted.
>
> If your users are in different groups, and you
> want everyone to access that share, you can
> also use force group.
>

Hmmm, I believe I tried using groups, but without success.  As I recall, the
group membership seemed to have little impact on the privileges.  That is,
the file creator could add/change/delete the file, and set attributes, but
other members of his or her group could not.  Made the whole concept of
"group" seem kind of meaningless to me, so I did the "force user" thing.
Perhaps it was not having the correct permissions somewhere.  You say "set
the permissions so that group write will always be granted"; does that mean
using "force directory mode" and "force create mode"?

> >Also, I've been asked to provide similar functionality to the Public
> >share; that is, allow users to set the read-only attributes on some
> >of the files in the Public share.
>
> The persons setting the attribute will need read-write access
> to the directory the files are in...
>
> Hmmn: is this the right question?  DOS provided the read-only
> bit to users so they could protect their files against
> the user accidentally writing them.  Unix provides permissions
> to keep **other** users from writing them.  I think we have
> a mismatch!
>
> Why do your users want to make these file read-only and public?
>

There are files that should be readable by the general user population.  By
placing them in Public, there is the chance that that might accidentally get
deleted or changed, and the read-only attribute is a (weak) attempt to
prevent that.  It does not prevent willful modification, but simply acts as
a warning that the file should not be changed.

Thanks very much for your help.

-Bill

More information about the samba mailing list