[Samba] group and user permissions issue.

Aden, Steve saden at itscommunications.com
Wed Jun 23 14:18:01 GMT 2004 

Ian,
	I refer you to section 12.2.3 of the Samba HOWTO Collection.
Specifically look at the information concerning the group ID bit (SGID).
You can use the file system permissions and controls in such a way that
all the files created will be owned by the same group (teachers).

	This is also covered nicely in John Terpstra's book "Samba-3 By
Example".

Steve


Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS

-----Original Message-----
From: Ian Warburton [mailto:samba at irax.com] 
Sent: Wednesday, June 23, 2004 8:14 AM
To: samba at irax.com
Cc: Aden, Steve; samba at lists.samba.org
Subject: RE: [Samba] group and user permissions issue.



I thought I had this sorted, However there is still a problem - Force
group greated the file with the group I required but also gave everyone
logging onto the share group access rights. If I take away the force
group
then the group is set to the user primary group. and the teachers group
can't read the file.  what I require is for the group to be set to
teachers on file creation with no other implications. (if i use force
group +teachers then the force only occurs if the logon user is a member
of teachers , no use either)

Ian



> Thanks Steve
>
>
> I had clearly misunderstood the scope of force user. ( actually, it
was
> force group ) but the principle is still the same.
>
> Tha ctual solution was to remove the line force group = teachers the
> rights then followed as expected.
>
> Ian
>
>
>
>
>
>
>> Ian,
>> 	You appear to be incorrectly using the "force user" parameter.
>>
>> From the smb.conf documentation:
>>
>> force user (S)
>> This specifies a UNIX user name that will be assigned as the default
>> user for all users connecting to this service. This is useful for
>> sharing files. You should also use it carefully as using it
>> incorrectly can cause security problems.
>>
>> This user name only gets used once a connection is established. Thus
>> clients still need to connect as a valid user and supply a valid
>> password. Once connected, all file operations will be performed as
the
>> "forced user", no matter what username the client connected as. This
>> can be very useful.
>>
>>
>> This clearly explains the results you have achieved.
>>
>> Steve
>>
>>
>> Privileged/Confidential Information may be contained in this message.
>> If you are not the addressee indicated in this message (or
responsible
>> for delivery of the message to such person), you may not copy or
>> deliver this message to anyone. In such case, you should destroy this
>> message and kindly notify the sender by reply email. Opinions,
>> conclusions and other information contained in this message that do
>> not relate to official business shall be understood as neither given
>> nor endorsed by ITS
>>
>> -----Original Message-----
>> From: Ian Warburton [mailto:samba at irax.com]
>> Sent: Tuesday, June 22, 2004 1:37 PM
>> To: samba at lists.samba.org
>> Subject: [Samba] group and user permissions issue.
>>
>>
>> I have browsed through loads of archive material and cant seem to
find
>> anywhere where this exact issue has been posted.
>>
>>  am using samba 2.28 set up as an NT domain, there are no problems
>> with
>> the general configuration. My issue is witb samba not following the
>> permissons I have set on files in a shared directory.
>> Purpose: set up a directory for students and teachers where students
>> can leave files and only edit their own files, teachers can edit all
>> files.
>>
>> unix permissions for files are like this
>> -rwxrw----    1 student1 teachers        6 Jun 22 18:22 S1.txt*
>> -rwxrw----    1 student3 teachers       17 Jun 22 18:21 S3.txt*
>> -rwxrw----    1 student3 teachers        8 Jun 22 18:21 student3.txt*
>>
>> therefore students can edit their own files and teachers in the group
>> teachers can also edit the files.
>>
>>
>> I create a share in samba ie:
>>
>> [Student_GiveWorkIn]
>>         user = %U
>>         path = /home/Give_work_in
>>         create mode = 750
>>         write list = %U
>>         only user = yes
>>         force group = teachers
>>
>> this works however students using this share can edit each others
>> files.
>>
>> if I set the permissions to :
>>
>> -rwxr-----    1 student1 teachers        2 Jun 22 16:34 S1.txt*
>> -rwxr-----    1 student3 teachers        8 Jun 22 17:12 S3.txt*
>> -rwxr-----    1 student3 teachers        0 Jun 22 15:39 student3.txt*
>>
>> then students can edit their own files and no one elses, but the
>> teachers
>> group can't  edit them either ie chmod g+w  seems to mean that samba
>> gives
>> group access to the students as well as the teachers, when only the
>> teachers should have access.
>>
>> I am at a loss to explain this behaviour.
>>
>> Ian
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  http://lists.samba.org/mailman/listinfo/samba
>>
>> _____________________________________________________
>> This message was content-scanned by IXC Shield
>> Powered by GatewayDefender - BG0b1bd641.00000001.mml
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba





_____________________________________________________
This message was content-scanned by IXC Shield 
Powered by GatewayDefender - BE0b0385a6.00000001.mml

More information about the samba mailing list