SAMBA digest 2186

Bruce Cook cook at ccis.adisys.com.au
Tue Aug 3 02:36:05 GMT 1999 

>

The way I deal with this is to use SetGID.

The way this works is that you set the setgid bit on a directory,
and any file or directory created under it inherits it's group, rather
than the primary group of the process creating it.

 Directories created under this directory also inherit the SetGID bit.

This means that if you have one share, with all the top level
directories in it.  Then each of those directories has it's
own group, and has the setgid bit set, you should get what you want.

to set the gid bit:

chmod g+s foo
or
chmod 2770 foo


> Is it possible to have a share within a share, or to force group on
> directories within a share?
>
> What I am trying to do is set up departmental shares, but find that having
> them all in the root list of shares looks messy (too many shares :P )
>
> What would be preferable, would be to have a [departments] share, then put
> a share for each department within that share.
>
> Just using directories within that share is not good enough, and I need to
> access read/write access to each directory seperatly depending on a user
> being a member of the correct group.  This would be easy enough, but I
> also need to be able to force newly created files to be grouped to the
> correct departmental group.
>
> ie.
>
> -- [from /etc/group] --
> support:*:120:john,frank,joe
> staff:*:95:john,frank,joe
>
> -- [from /etc/passwd] --
> john:*:125:95:John Doe:/home/john:/bin/bash
>
> -- [from smb.conf] --
> [Departments]
>         comment                 = Departmental Shares
>         path                    = /usr/local/shares/departments
>         browsable               = yes
>         writable                = yes
>         valid users             = @staff
>         admin users             = @admin
>         create mask             = 0770
>         directory mode          = 0770
>
> % ls -la /usr/local/shares/departments
>
> total 3
> drwxrwx---  11 root  smbadmin  512 Jul 29 15:18 ./
> drwxr-xr-x   8 root  smbadmin  512 Jul 30 00:47 ../
> drwxrwx---   2 root  support   512 Jul 29 15:09 support/
>
> -------------
>
> If a support person goes and creates a file in the support directory, it
> will be grouped to 'staff'.  I also am not willing to make each user's
> primary group be that of their department. :)
>
> I am not sure how well I explained this, so please email me if it doesn't
> make sense or you aren't sure what I am asking. :)
>
> Comments? Ideas?
>
> --

More information about the samba mailing list