[Samba] File Permissions. Two unix groups having write access to
the same share without 0777
Thiago Lima
thiagolima at webforce.com.br
Wed Nov 19 19:05:30 GMT 2003
I'm using samba 3.0.1pre3 as fileserver for my windows clients
(xp and 98)
My users are separated in many groups and some dirs should be
writeable for 2 groups at once.
Unix permissions does not allow to have 2 groups for a directory
or file. I could put 777 in the directory and force umasks, but that
really anoys me.
So I did a little workaround to make it work and now I wonder if
it is secure and if it will work as it should.
I've put all my users in group 'samba' as their secondary unix
group and set samba to "force group = samba" in the share configuration.
Their primary group still one of those (marketing, salles, tech, etc)
smb.conf share definition :
[companyfiles]
path = "/home/samba/shares/files"
valid users = @samba
force group = samba
write list = user1 user2 @group1 @group2
read list = @group3
It seens to be working allright. All files are created using
user.samba and mask 0664 and dir 0775.
Now all permission control is been done by samba. Can I trust
it?
The only problem I could have is if an user could log into the
unix and CD around, because unix permissions would permit him to see
things that he shouldn't, right?
What this looks like to you guys? Secure enogth ? I'll have no
shell users in this machine.
any comments, opnions and sugestions would be apreciated.
thanks and sorry about the poor english. I hope I made myself clear.
thiago lima.
More information about the samba
mailing list