Big problems with groups

Ulf Mehlig umehlig at
Mon Dec 20 18:36:57 GMT 1999

"Karl-Heinz Schulz" <karlheinz at> wrote:

> I have several users being part of several groups.
> User1 group2 group3 group4
> User2 group1 group4 group5
> When User1 is saving a file on a Samba share it changes the permission to
> it's "main" group and everybody else has only read rights.
> What am I doing wrong?
> There are 

Did you try the "force group" parameter? We have shares for several
"work groups", and they are defined like this:

<smb.conf> -----------------------------------------------------------

           comment = Directory of AnyGroup
           path = /somewhere/anygroup
           valid users = @anygroup
           write list = @anygroup
           force group = anygroup
           create mask = 0660
           directory mask = 0770


So members of (Unix-) group "anygroup" can access the share, and are
(despite of their primary group, which is a per-user private group on
our machine) able to read & write as "someuser.anygroup" (see "create
mask", as well). What's missing is that we cannot map the Unix groups
to NT domain groups (only the domain administrators), that's not
possible in 2.06, I think. BTW, I recently learned from the netatalk
people that you can achieve this with pure Unix by setting the share's
directory's permissions like

    chgrp anygroup /somewhere/anygroup
    chmod -R g+s /somewhere/anygroup

(netatalk has no "force group", and our Mac users messed up their
shared volumes)

Hope it helps,

Ulf Mehlig    <umehlig at>
              Center for Tropical Marine Ecology/ZMT, Bremen, Germany

More information about the samba-ntdom mailing list