How to set permissions correctly ?

Mayers, Philip J p.mayers at
Tue Jun 20 10:40:11 GMT 2000

I think the problem you're having is that Samba is setting the wrong
permissions on files created. Do this:

2) For the Projects

mkdir /whatever/Projekt1A
chown UserA /whatever/Projekt1A
chgrp Team1 /whatever/Projekt1A
chmod 2770 /whatever/Projekt1A

Note, we've set the setgid bit on the directories above, so all the files
created in that directory will have the directory's group, not the user's
primary group.

Then, on the share containing these files, set the parameters

create mask = 0770
force create mode = 0770
directory mask = 2770
force directory mode = 2770

We make sure the setgid bit propagates to all the directories.

There are many different ways to do this. Without knowing your exact
requirements in detail (which, to be frank, no-one here wants to :o) it's
impossible to say. You'll need a good understanding of Unix permissions and
Samba's interaction with them to find the absolute best solution.

(The absolute best solution would be proper NT-style ACLs in the filesystem,
but no popular unices offer that).



-----Original Message-----
From: Matthias Krawen [mailto:admin at]
Sent: Tuesday, June 20, 2000 10:01 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: How to set permissions correctly ?

Hi !

Maybe I'm just too blind, but I don't know how to do this. Imagine following 

There are UserA, UserB, UserC, UserD

There are the following UnixGroups (can create more/other groups)

norm  - UserA, UserB, UserC, UserD
Team1 - UserA, UserB
Team2 - UserB, UserC
Team3 - UserA, UserC, UserD

There are the following shares, containing the following dirs

[homes] - UserA, UserB, UserC

[Projekt1] - Projekt1A, Projekt1B, Projekt1C

Question 1 - How to accomplish:

Homedirs generally read-only by owner. Exception \homes\UserA should be 
fully accessible by Team3. That means especially that files created by UserC 
and UserD should be fully accessible like files from UserA

Question 2 - How to accomplish:

Projekt1A is owned by UserA.Team1, Team1 should have full access, esp. 
create files so that full access is possible.

Projekt1B is owned by UserC.Team2.

Everyone (owner & teammate) should have full access to all files in these 
directories. That means, files created in Projekt1B by UserB should be fully 
accessible by UserC and so on.

How to accomplish this ?

  Matthias Krawen

Heimhuder Str. 21
20148 Hamburg
Fax: 040 / 450 217 77

PGP-Public Key available
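
Added example, not part of the original thread: a shell check that walks a project directory and reports entries that deviate from the 2770 / 0770 layout described in the reply (missing setgid, no group write, wrong group, any access for "other"). The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Audit a shared project directory against the layout from the reply:
# directories 2770 (setgid, nothing for "other"), files group read/write,
# every entry owned by the team group.

# audit_project_dir ROOT GROUP -> prints one line per finding
audit_project_dir() {
    root=$1
    group=$2
    # No setgid: files created here get the creator's primary group.
    find "$root" -type d ! -perm -2000 | sed 's/^/NO-SETGID /'
    # Group needs rwx on a directory to create and delete files in it.
    find "$root" -type d ! -perm -0070 | sed 's/^/DIR-NOT-GROUP-RWX /'
    # Group cannot both read and write the file.
    find "$root" -type f ! -perm -0060 | sed 's/^/FILE-NOT-GROUP-RW /'
    # Entry belongs to a different group than the team group.
    find "$root" ! -group "$group" | sed 's/^/WRONG-GROUP /'
    # Any bit for "other" is more than 2770/0770 grant.
    find "$root" \( -perm -0001 -o -perm -0002 -o -perm -0004 \) |
        sed 's/^/OTHER-ACCESS /'
}

# Constructed sample tree: compliant entries plus two that look like what is
# left behind when the share's masks are not applied.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/Projekt1A" "$t/Projekt1A/docs" "$t/Projekt1A/old"
    : > "$t/Projekt1A/plan.txt"
    : > "$t/Projekt1A/docs/notes.txt"
    chmod 2770 "$t/Projekt1A" "$t/Projekt1A/docs"
    chmod 0770 "$t/Projekt1A/plan.txt"
    chmod 0744 "$t/Projekt1A/docs/notes.txt"  # group read-only, other can read
    chmod 0755 "$t/Projekt1A/old"             # group cannot write, other r-x
    chmod g-s "$t/Projekt1A/old"              # and explicitly no setgid
    echo "$t"
}

sample=$(build_sample_tree)
# Use the numeric gid the sample directory actually has as the "team group".
sample_gid=$(ls -ldn "$sample/Projekt1A" | awk '{print $4}')
audit_project_dir "$sample/Projekt1A" "$sample_gid"
rm -rf "$sample"
```

Run against a real share, the arguments would be the project path and the team group (Projekt1A and Team1 in the thread); empty output means every entry matches the layout.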
