Inheritage of user rights

[David Lee]

Re:

> Date: Tue, 15 Jun 1999 14:17:29 +0200
> From: "Roth Rainer" <Roth_Rainer at csi.com>
> To: <samba at samba.org>
> Subject: Inheritage of user rights
> 
> Hello,
> 
> our six W95-clients have access to our Samba 1.9x Server. For the special
> directory in question, everybody (owner, group members and other) has full
> rights (drwxrwxrwx or 777).
> 
> Now the problem: every user stores files and directories in that main
> directory. Unfortunately, ony the owner has full rights, not esp. the other
> group members (-rwxr-xr-x). To change the rights by hand is usless (approx.
> over 100 files a day). Group members must have full access to the files (the
> have to change them).
> 
> So, there is my question: is it possible to inherit the main-directory
> rights to every single file and directory to be placed in that main
> directory?

I have developed a patch for samba 2.0.4b which addresses the general
case.  It is provisionally called "inherit mode", and if, specified, uses
the existing parent directory, rather than the "create mode" parameters,
to set permissions on new files and directories. 

The concept turned out to be straightforward and intuitive and, for us,
incredibly useful and beneficial.  (We have potentially have 14,000 users
and need something for their [homes] share which is simple to specify and
understand, yet flexible and effective.)

New files inherit the rw bits of the parent directory.  New directories
inherit all bits (including "t", "g+s") etc. (that is, they clone). 

For example: We can set up a 711 home directory, and everything the user
creates is private (files 600, sub-directories 711).  Within that we can
set up a "public_html" sub-directory as 755:  all user files there are
644.  The user may also set up "group" project sub-directories, typically
"750 with g+s".  [ The reason for 711, not 700, on [homes] is to open it
up just enough for the requisite access to things like "public_html". ]

I have submitted the patch to the samba people, but no-one has replied!!
(Hint!).

-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  Phone:    +44 191 374 2882 (ddi)         South Road            :
:  Fax:      +44 191 374 7759               Durham                :
:  Internet: T.D.Lee at durham.ac.uk           U.K.                  :