Approach to permissions, UNIX usernames, and UNIX groups ..

[Jason A. Diegmueller]

Samba users--

I have a question I wanted to throw out to the general public.  When
dealing with reasonably large numbers of users (120+, in this case),
how do most of you handle your UNIX permissions, usernames, and groups
in corralation to your SAMBA?

Basically, I have a number of Windows 95/98 clients that authenticate
against a Novell server, as well as Apple clients.  Recently, I got
myself
a nice, new Linux box (with a sizeable RAID array) running SAMBA.
Novell
is currently serving up files; I want to move the responsibility of file
serving to my Linux machine.

With Novell, it's simple to take a subdirectory and assign it
permissions--
Bob, Al, and Tom can read and write to this directory.  No one else can 
access it.  With Linux, it seems a bit trickier.  This is where I'm
looking
for input.

I need to create a directory structure reasonably deep (3-5 directories
off of the main RAID mount point, with 5-10 directories under that, with
another 3-10 directories under those).

The best approach I have come up with so far is to create a group
specifically for each subdirectory, and put .. say .. Bob, Al, and Tom
in
it.  Then I make sure the directory is owned by root.group, and could
utilize
the "force create mode" and "force group" directives in my smb.conf to
create
the files as rwxrwx--- and assigned to the group with respect to the
subdirectory it is in.  The only problem is, this means I have to manage
over
100+ groups with 100+ SAMBA shares, and it seems there has to be a
better way,
and I'm just not seeing it.

Is there a way to tell SAMBA to assign files being written to the group 
of the subdirectory the file is being written to?  Is there a better way
altgother to approach this (I hope there is =).

Any insight or webpage references on approaches to medium-to-large-scale
fileserving with SAMBA on a network are appreciated.  Thanks.