Permissions question

David A. Mason damason at
Thu Mar 15 20:58:08 GMT 2001

If you add one more parameter to the share, it should fix it:

force group = domain_users

What is happening now is that members of domain_users are allowed to
connect, but they are not acting as that group, but rather as their default

force group will cause them to act as that group when working in that

-----Original Message-----
From: samba-ntdom-admin at
[mailto:samba-ntdom-admin at]On Behalf Of Greg J. Zartman,
Sent: Thursday, March 15, 2001 08:19
To: Samba News
Subject: Permissions question

I have permissions type question that I'm sure is very elementary to the
veteran Unix user, but confusing to a Windows person like myself.  Stupid
questions from us Windows people are OK because you guys are converting us
to Linux, right?  :o)

I have a Samba PDC setup for a Win2000/NT domain.  I'm having difficulty
with permissions on the group shares.  Specifically, I have a main project
share where people store project data that I want to be accessible by all.
I don't want to restrict access to anyone, except those that don't have an
account on the PDC.

Where my confusion comes in is the Unix/Linux filesystem security.  I've
setup a Unix group called domain_users and made everyone on my network a
member of that group.  I set the ownership of the shared project directory,
Linux, to the domain_users group and made it readable, writable, and
executable to this group.  On the samba end, I set valid user =
@domain_users, create mode = 0770, and directory mode = 0770.  But, when my
users create a directory or file in the shared directory tree, the ownership
of the directory or file is set to the creator's username and group name.
What I want is for the group ownership to be automatically set to
domain_users, so everyone can access the file or directory.  Is the only
option to make this happen to use the force group parameter in my smb.conf

Thank you.

Greg J. Zartman, P.E.

More information about the samba-ntdom mailing list