[Samba] group share directory

David Christensen dpchrist at holgerdanske.com
Sun Sep 15 00:42:40 MDT 2013 

samba:

I am attempting to set up a "group share" directory on Debian "Wheezy" 
where any user can create or place files and directories, and every 
other user has full access to those files and directories.  The 
directory will be accessed both locally and via Samba.


Here is my Linux, distribution, and file system info:

     $ cat /proc/version
     Linux version 3.2.0-4-amd64 (debian-kernel at lists.debian.org) (gcc 
version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.46-1+deb7u1

     $ cat /etc/debian_version
     7.1

     $ grep /mnt/z /proc/mounts
     /dev/mapper/data3000 /mnt/z ext4 
rw,relatime,user_xattr,barrier=1,data=ordered 0 0


STFW I found a post for Samba only, but I need this to work for local 
access too:

     http://www.mail-archive.com/samba@lists.samba.org/msg88752.html


STFW I found various posts with partial solutions based on Unix groups, 
directory permissions, the group sticky bit, and default ACL's:

 
http://brunogirin.blogspot.com/2010/03/shared-folders-in-ubuntu-with-setgid.html

 
http://techslaves.org/2010/04/23/posix-default-acls-umask-and-project-directories/


Here is a Bourne shell script that implements a partial solution:

     #!/bin/sh

     set -o nounset
     set -o errexit

     DIR=/mnt/z/data/GroupShare
     USERNAME=groupshare

     if `grep -q $USERNAME /etc/passwd`; then deluser --system $USERNAME; fi
     if `grep -q $USERNAME /etc/group`; then delgroup --system $USERNAME; fi
     if [ -d $DIR ]; then rm -rf $DIR; fi

     adduser --system --group --no-create-home $USERNAME
     mkdir $DIR
     chown $USERNAME:$USERNAME $DIR
     chmod 0777 $DIR
     chmod g+s $DIR
     setfacl -m d:u::rwx,d:g::rwx,d:o::rwx,d:m:rwx $DIR


Running the script gives me a directory with the following ACL settings:

     $ getfacl /mnt/z/data/GroupShare
     getfacl: Removing leading '/' from absolute path names
     # file: mnt/z/data/GroupShare
     # owner: groupshare
     # group: groupshare
     # flags: -s-
     user::rwx
     group::rwx
     other::rwx
     default:user::rwx
     default:group::rwx
     default:mask::rwx
     default:other::rwx


The directory works as intended if users create files and directories -- 
e.g. the GroupShare default ACL is applied to the new files and directories:

     $ touch /mnt/z/data/GroupShare/foo

     $ mkdir /mnt/z/data/GroupShare/bar

     $ ll /mnt/z/data/GroupShare
     total 12
     drwxrwsrwx+ 3 groupshare groupshare 4096 2013/09/09 16:19:27 ./
     drwxr-xr-x  7 root       root       4096 2013/09/09 16:18:51 ../
     drwxrwsrwx+ 2 dpchrist   groupshare 4096 2013/09/09 16:19:27 bar/
     -rw-rw-rw-+ 1 dpchrist   groupshare    0 2013/09/09 16:19:20 foo


However, the directory doesn't work as intended if users copy or move 
files or directories:

     $ touch foo2

     $ cp foo2 /mnt/z/data/GroupShare/.

     $ touch foo3

     $ mv foo3 /mnt/z/data/GroupShare/.

     $ mkdir bar2

     $ cp -R bar2 /mnt/z/data/GroupShare/.

     $ mkdir bar

     $ mv bar3 /mnt/z/data/GroupShare/.


     $ ll /mnt/z/data/GroupShare/
     total 20
     drwxrwsrwx+ 5 groupshare groupshare 4096 2013/09/14 23:36:02 ./
     drwxr-xr-x  7 root       root       4096 2013/09/09 16:18:51 ../
     drwxrwsrwx+ 2 dpchrist   groupshare 4096 2013/09/09 16:19:27 bar/
     drwxr-sr-x  2 dpchrist   dpchrist   4096 2013/09/14 23:34:32 bar2/
     drwxr-sr-x  2 dpchrist   dpchrist   4096 2013/09/14 23:35:04 bar3/
     -rw-rw-rw-+ 1 dpchrist   groupshare    0 2013/09/09 16:19:20 foo
     -rw-r--r--  1 dpchrist   dpchrist      0 2013/09/14 23:35:50 foo2
     -rw-r--r--  1 dpchrist   dpchrist      0 2013/09/14 23:35:58 foo3


Observe that the group ownership is incorrect, the permissions bits are 
incorrect, and the ACL is missing for the copied and moved files and 
directories.


Has anybody found a solution to this problem?


TIA,

David

More information about the samba mailing list