Unix permissions, groups, etc as forced by Samba

David Lee T.D.Lee at durham.ac.uk
Fri Nov 19 17:58:30 GMT 1999 

On Thu, 18 Nov 1999, Eric Praetzel wrote:

> The permissions and group ownership must changed based upon directories
> and/or files.
> 
> For example we'll have students making a real-time OS; and there may be 40
> groups defined just for that.  Dito for permissions (in particular o+r) has
> to be assigned in at least one directory tree in particular (publich_html)
> and no others.
> 
> So any scheme which forces particular create modes or groups can't work.
> 
> I was originaly hoping that there was some way to just bypass the mask
> or'ing and forcing and so I asked the question in the documentation listserv
> a few weeks ago.  I only found other people who were eager for a way to
> also bypass the forcing of file modes and group.

Re: the "public_html" part (and perhaps the rest!):

I'm trying to persuade the Samba folks to adopt my "inherit mode" patch.
There was some discussion about it a couple of months ago, and the idea
was favourably received.  But it seems to have gone cold ...

Anyway, the basic idea was that an "inherit mode" share used the
permissions of the parent directory to set permissions on new files and
directories.

Imagine a home directory "." as 711 and a pre-created "./public_html" as
755 .  (The home has to have 711 rather than 700 to allow pass-through to
"./public_html".)

The within public_html all new sub-(sub-...)directories would get 755
and files 644, but in everything else, these would be 711 and 600 .

We have installed this patch (many thousand users, nearly 1,000 PCs,
several hundred UNIX groups) and it is now vital to our operation.

Would this patch help you?  What are its shortcomings?  (As I say, I'd
like to see this patch, or some variant, make it into the Samba
distribution...) 

-- 
:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/~dcl0tdl            South Road            :
:                                           Durham                :
:  Phone: +44 191 374 2882                  U.K.                  :

More information about the samba-technical mailing list