[Samba] file permissions on home directories and admin user copying files to it

Fri Nov 14 00:47:09 GMT 2003

I don't think you really can change that, because the default nature of
Unix is who ever creates a file owns it, no matter what directory it's
in(As long as they have write access to that dir).  Samba just does a
remote->local mapping that grant the remote user whatever access they
are mapped to, but when they create the file, they still own it.  If you
use a rpc or ads setup, and configure nss and pam together with it, you
can make so that from windows you could manage file ownership(To a
limited extent, ufs is not ntfs). But as far as making any file that's
in a directory owned by who ever owns that dir, the only way I could
think of to do it is to write a cron script that checks the dir
ownership and sets all files and sub dirs to those permissions every x
amount of time.

-Aaron

 	On Thu, 2003-11-13 at 17:11, Christian Nabski wrote:
> Hi Aaron,
> 
> Thanks for your answer. 
> I already set the create mask for files and directories :
> for files 0600 --> user can only write and read
> for directories 0700 --> directories can be read and entered (executed) by 
> the user
> 
> This however only sets the rights and not the ownership.
> 
> The problem arises when an admin (in the adminlist) copies files from 
> another drive/share/... to the home share of a user via samba.
> These copied files have then as owner root. The effect of this (0600 and 
> root ) is that the user can not read or write to this file.
> 
> This is in fact a test server for a customer. 
> What they actually want is the behavior of windows :
> the copied files inherit the rights of the directory where they are 
> created.
> eg : homedir : 0700 owner : "the user" group "domain users"
> The admin copies or created a file example.txt in homedir.
> --> rights of example.txt : 0600 owner "the user" group "domain users"
> 
> The group ownership is possible with chmod g+s homedir or chmod 2700 
> homedir.
> 
> If I would set a create mask for files as 0660 and for directories 0770 
> the problem would be solved but I wanted the restrict the rights to the 
> ones set.
> And I don't want to maintain private groups (ala redhat) for these users.
> 
> I am just wondering how other people do this with admins which don't know 
> anything about unix file permissions ?
> 
> 
> Regards,
> 
> Christian
> 
> 
> 
> Aaron Collins <Hellfire at fastq.com> wrote on 13/11/2003 21:19:13:
> 
> > 
> > You should have a look at the create mask option, it says what the
> > default permissions should be on files that get created.  This will
> > override the default unix behavior. 
> > See also inherit permissions , directory mask, force create mode and
> > force directory mode   I think these are the options your looking for in
> > your smb.conf
> > 
> > -Aaron c
> > 
> > On Thu, 2003-11-13 at 11:40, Christian Nabski wrote:
> > > We want to copy files with the group in the admin list of the [homes] 
> > > share. The problem is that the copied files then are owned by root.
> > > I know this is normal unix behavior. However we want the copied files 
> to 
> > > be owned by the user of the homeshare. 
> > > 
> > > I read the samba howto section "Users Cannot Write to a Public Share".
> > > Although I want to set the owner on the home shares and not on a 
> public 
> > > share.
> > > The mentioned section however does not seem to work on Redhat 7.3 nor 
> RH 
> > > AS 3 ?
> > > The group gets set correctly (gets changed to the group who owned the 
> > > directory) but the user stays the same. 
> > > I am wondering if this is a particular issue with the Redhat 
> distribution 
> > > or something else ? 
> > > 
> > > For now I tried this "solution" :
> > > 
> > > in [homes] : 
> > > root preexec = chown -R %S %P
> > > 
> > > This works but I wonder if this is good solution ?
> > > 
> > > 
> > > Christian
> > 