Samba security on a public share

Escobar, Henry J. HENRY.J.ESCOBAR at cpmx.saic.com
Tue Oct 27 20:03:28 GMT 1998


Samba team and Samba Mailing List,
     Hello Everyone!
   I am currently having some problems getting a samba share with the
following properties:

Read only access to everyone
Write access limited to a UNIX group
Files/Directories saved as the user that created them (for auditing)

The problem that I am running into, is that when a user in the writegrp
creates a file, it is owned by that user and their default Unix group
(naturally). 

The problem with this is that all of our users are all in the same group! I
also can not force the group via samba, since I run into the problem that
everyone can now write there as well.

This problem could be solved if I could get newly created files and
directories to be owned by the writegrp (inherit the group perms of the
current working directory (cwd)).

Another solution would be to only reset the egid to the writegrp if you
belong to the writegrp.

I wish to avoid creating a read share and a write share since that is ugly,
and could confuse my users as well.
I also wish to avoid the security issues (and lose the auditing capability)
by creating a group of admin users!!!

Any suggestions, or do I have to start modifying the source code until a
version of samba supports this?

____________________________________________________________________________
_____

		Henry J. Escobar
		System Administrator
		Science Applications International Company (SAIC)
		email     : escobarh at saic.com





More information about the samba mailing list