Big problems with groups
Ulf Mehlig
umehlig at uni-bremen.de
Mon Dec 20 18:36:57 GMT 1999
"Karl-Heinz Schulz" <karlheinz at khschulz.com> wrote:
> I have several users being part of several groups.
>
> User1 group2 group3 group4
> User2 group1 group4 group5
>
> When User1 is saving a file on a Samba share it changes the permission to
> it's "main" group and everybody else has only read rights.
> What am I doing wrong?
> There are
Did you try the "force group" parameter? We have shares for several
"work groups", and they are defined like this:
<smb.conf> -----------------------------------------------------------
[anygroupdir]
comment = Directory of AnyGroup
path = /somewhere/anygroup
valid users = @anygroup
write list = @anygroup
force group = anygroup
create mask = 0660
directory mask = 0770
----------------------------------------------------------------------
So members of (Unix-) group "anygroup" can access the share, and are
(despite of their primary group, which is a per-user private group on
our machine) able to read & write as "someuser.anygroup" (see "create
mask", as well). What's missing is that we cannot map the Unix groups
to NT domain groups (only the domain administrators), that's not
possible in 2.06, I think. BTW, I recently learned from the netatalk
people that you can achieve this with pure Unix by setting the share's
directory's permissions like
chgrp anygroup /somewhere/anygroup
chmod -R g+s /somewhere/anygroup
(netatalk has no "force group", and our Mac users messed up their
shared volumes)
Hope it helps,
Ulf
--
======================================================================
Ulf Mehlig <umehlig at zmt.uni-bremen.de>
Center for Tropical Marine Ecology/ZMT, Bremen, Germany
----------------------------------------------------------------------
More information about the samba-ntdom
mailing list