svn commit: samba-docs r1013 - in trunk/Samba3-HOWTO: .
jht at samba.org
jht at samba.org
Fri Jan 19 01:47:38 GMT 2007
Author: jht
Date: 2007-01-19 01:47:37 +0000 (Fri, 19 Jan 2007)
New Revision: 1013
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1013
Log:
Fixing bad info regarding UNIX file and directory access control.
Modified:
trunk/Samba3-HOWTO/TOSHARG-AccessControls.xml
Changeset:
Modified: trunk/Samba3-HOWTO/TOSHARG-AccessControls.xml
===================================================================
--- trunk/Samba3-HOWTO/TOSHARG-AccessControls.xml 2007-01-17 12:59:43 UTC (rev 1012)
+++ trunk/Samba3-HOWTO/TOSHARG-AccessControls.xml 2007-01-19 01:47:37 UTC (rev 1013)
@@ -1556,6 +1556,7 @@
<title>Users Cannot Write to a Public Share</title>
<para>
+ The following complaint has frequently been voiced on the Samba mailing list:
<quote>
We are facing some troubles with file/directory permissions. I can log on the domain as admin user (root),
and there's a public share on which everyone needs to have permission to create/modify files, but only
@@ -1566,7 +1567,7 @@
</para>
<para>
- There are many ways to solve this problem, and here are a few hints:
+ Here is one way the problem can be solved:
</para>
<procedure>
@@ -1581,16 +1582,17 @@
Set the ownership to whatever public user and group you want
<screen>
&prompt;find `directory_name' -type d -exec chown user:group {}\;
-&prompt;find `directory_name' -type d -exec chmod 1775 {}\;
+&prompt;find `directory_name' -type d -exec chmod 2775 {}\;
&prompt;find `directory_name' -type f -exec chmod 0775 {}\;
&prompt;find `directory_name' -type f -exec chown user:group {}\;
</screen>
</para>
<note><para>
- The above will set the <constant>sticky bit</constant> on all directories. Read your
- UNIX/Linux man page on what that does. It causes the OS to assign to all files
- created in the directories the ownership of the directory.
+ The above will set the <constant>SGID bit</constant> on all directories. Read your
+ UNIX/Linux man page on what that does. This ensures that all files and directories
+ that are created in the directory tree will be owned by the current user and will
+ be owned by the group that owns the directory in which it is created.
</para></note>
</step>
<step>
@@ -1613,15 +1615,14 @@
<para>Now type:
<screen>
-&prompt;<userinput>chmod 6775 /foodbar</userinput>
+&prompt;<userinput>chmod 2775 /foodbar</userinput>
&prompt;<userinput>ls -al /foodbar/..</userinput>
</screen>
-
</para>
<para>You should see:
<screen>
-drwsrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar
+drwxrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar
</screen>
</para>
</step>
@@ -1640,30 +1641,16 @@
You should see that the file <filename>Afile</filename> created by Jill will have ownership
and permissions of Jack, as follows:
<screen>
--rw-r--r-- 1 jack engr 0 2003-02-04 09:57 Afile
+-rw-r--r-- 1 jill engr 0 2007-01-18 19:41 Afile
</screen>
</para>
</step>
<step>
<para>
- Now in your &smb.conf; for the share add:
+ If the user that must have write permission in the directory is not a member of the group
+ <emphasis>engr</emphasis> set in the &smb.conf; entry for the share:
<smbconfblock>
-<smbconfoption name="force create mode">0775</smbconfoption>
-<smbconfoption name="force directory mode">6775</smbconfoption>
- </smbconfblock>
- </para>
-
- <note><para>
- These procedures are needed only if your users are not members of the group
- you have used &smbmdash; that is, if within the OS they do not have write permission on the directory.
- </para>
- </note>
-
- <para>
- An alternative is to set in the &smb.conf; entry for the share:
- <smbconfblock>
-<smbconfoption name="force user">jack</smbconfoption>
<smbconfoption name="force group">engr</smbconfoption>
</smbconfblock>
</para>
More information about the samba-cvs
mailing list