Create mode, create mask etc...

thwartedefforts at wonky.org
Mon Aug 31 19:38:10 GMT 1998


My share definition is, literally:

    [public_html]
        comment = web accessible files
        path = /usr/local/etc/httpd/public_html
        write list = @web
        browseable = yes
        force group = web
        force create mode = 775
        force directory mode = 2775

And /etc/group contains:

    web:x:1953:abakun,kschmutz,kdart

Now when I log in as abakun, I can write to the public_html share and smbstatus shows that the gid is web.  The files I created were owned by abakun and in the group web.  Note that /home/httpd/public_html is also g+s (this is redundant, most likely).  When I log in as someone not in the web group, I can't write to the share, and smbstatus shows their default group as the gid.

One thing I did notice though, someone might want to confirm this, is that if the user's default group is X as specified in /etc/passwd, but they are not listed as being in group X in /etc/group, they are really not a part of that group.  This seems like it's a UNIX thing though.  This user was unable to write to the shares which would allow access via their default group.  This would seem to indicate that samba iterates over the usernames listed in the group file and doesn't check the default group.  Bug or feature?

[snip]
> 
> |  [public_html]
> |     read only = yes
> |     write ok = @webusers
> |     force group = webusers
> |     create mode = 0775
> |     directory mode = 2775
> 
>   Hmmn:  try that, and then see if any account can write
> the share...  You **could** be changing the user's group
> unconditionally, then opening files as the group...
> 
>   The code appears to set read_only, which may
> or may not be a sufficient condition (server.c, make_connection() 
> near the reference to lp_force_group).
> 
>   If it works, it's order-dependent in the smb code. If it doesn't,
> tell the list, it's probably a bug!
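
The primary-group question raised in the message, as an added example that is not part of the original post: it compares a lookup that reads only the member lists in /etc/group with one that also counts the primary GID from /etc/passwd, and reports users who hold a group only as their primary group. The passwd entries, UIDs, the users group and the user newhire are constructed; whether Samba's @group expansion behaves like the first lookup is the poster's hypothesis, which this example does not establish.

```python
# Constructed sample data: only the "web" group line comes from the post.
PASSWD = """\
abakun:x:1001:100::/home/abakun:/bin/sh
kdart:x:1002:100::/home/kdart:/bin/sh
newhire:x:1003:1953::/home/newhire:/bin/sh
"""
GROUP = """\
users:x:100:
web:x:1953:abakun,kschmutz,kdart
"""


def parse_passwd(text):
    """Map user name -> primary GID (4th field of each passwd line)."""
    users = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            fields = line.split(":")
            users[fields[0]] = int(fields[3])
    return users


def parse_group(text):
    """Map group name -> (GID, set of explicitly listed members)."""
    groups = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, gid, members = line.split(":", 3)
            groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups


def listed_members(group, groups):
    """Members found by reading only the /etc/group member list."""
    return set(groups[group][1])


def effective_members(group, groups, users):
    """Listed members plus users whose primary GID is this group."""
    gid, listed = groups[group]
    return listed | {u for u, pgid in users.items() if pgid == gid}


def primary_only(group, groups, users):
    """Users who hold the group only as primary GID: the case in the message."""
    return effective_members(group, groups, users) - listed_members(group, groups)


if __name__ == "__main__":
    users, groups = parse_passwd(PASSWD), parse_group(GROUP)
    for g in sorted(groups):
        print(g, "primary-only:", sorted(primary_only(g, groups, users)))
```

Any user reported as primary-only for a group named in a write list is a candidate for the access mismatch described above; adding them to the group's member list in /etc/group makes both lookups agree.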

