How to set permissions correctly ?
Mayers, Philip J
p.mayers at ic.ac.uk
Tue Jun 20 10:40:11 GMT 2000
I think the problem you're having is that Samba is setting the wrong
permissions on files created. Do this:
2) For the Projects
chown UserA /whatever/Projekt1A
chgrp Team1 /whatever/Project1A
chmod 2770 /whatever/Project1A
Note, we've set the setgid bit on the directories above, so all the files
create in that directory will have the directories group, not the user's
Then, on the share containing these files, set the parameters
create mask = 0770
force create mode = 0770
directory mask = 2770
force directory mode = 2770
We make sure the setgid bit propagates to all the directories.
There are many different ways to do this. Without knowing your exact
requirements in detail (which, to be frank, no-one here wants to :o) it's
impossible to say. You'll need a good understanding of Unix permissions and
Samba's interaction with them to find the absolute best solution.
(The absolute best solution would be proper NT-style ACLs in the filesystem,
but no popular unices offer that).
From: Matthias Krawen [mailto:admin at hans-bredow-institut.de]
Sent: Tuesday, June 20, 2000 10:01 AM
To: Multiple recipients of list SAMBA-NTDOM
Subject: How to set permissions correctly ?
Maybe I'm just to blind, but i don't know how to do this. Imagine following
There are UserA, UserB, UserC, UserD
There are following UnixGroups (can create more/other groups)
norm - UserA, UserB, UserC, UserD
Team1 - UserA, UserB
Team2 - UserB, UserC
Team3 - UserA, UserC, UserD
There are following share, containing following dirs
[homes] - UserA, UserB, UserC
[Projekt1] - Projekt1A, Projekt1B, Projekt1C
Question 1 - How to accomplish:
Homedirs generally read-only by owner. Exception \homes\UserA should be
full accessable by Team3. That means especially that files created by UserC
and UserD should be full accessable like files from UserA
Question 2 - How to accomplish:
Projekt1A is owned by UserA.Team1, Team1 should have full access, esp.
create files so that full access is possible.
Projekt1B is owned by UserC.Team2.
Everyone (owner & teammate) should have full access to all files in theses
directorys. That means, files created in Projekt1B by UserB should be full
accessable by UserC and so on.
How to accomplish this ?
Heimhuder Str. 21
Fax: 040 / 450 217 77
PGP-Public Key available
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 3483 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000620/384ab899/attachment.bin
More information about the samba-ntdom