Permissions (SAMBA digest 2430)

Jim Mulholland jim.mulholland at peri.com
Wed Mar 1 19:14:31 GMT 2000


Try this:

In your smb.conf file create a share map point:

[groups]
               comment = group specific shares
               path = /pchome/groups
               browseable = yes
               public = no
               writable = yes
               printable = no
               create mask = 660
               force directory mode = 775
               force create mode = 664

Create the underlying unix directory as in the following example which
sets up for the three groups programming (prog), technical support
(tech), and systems admin (sysadm):

#  PCHOME=/pcfilesystem
#  mkdir $PCHOME/groups
#  chmod 755 $PCHOME/groups
#  for i in prog tech sysadm
#  do
#    mkdir $PCHOME/groups/$i
#    chgrp $i $PCHOME/groups/$i
#    chmod 770 $PCHOME/groups/$i
#  done


Proper "deny unless specifically granted" permissions are provided using
the above technique. The /pchome parent directory is set up chmod 555 or
chmod 755 so that only (sysadm) can add, delete, or modify entries. This
provides security against trojan horses and world writeable security
issues.

    drwxr-xr-x   root     root       /pchome

The groups directory is set up in order for individuals to share files
amongst members of their departments and workgroups. The permissions on
the groups parent directory /pchome/groups are set chmod 755 / chown
root:bin to provide security and control. Member directories of
/pchome/groups are set chmod 770 / root:GID. Setting the group
ownership (ex: chgrp sysadm /pchome/groups/sysadm) allows ONLY group
members (controlled from NIS+, NIS or /etc/group) to access the contents
of each group's directory.  Only sysadm is allowed to create entries in
the groups parent directory. Group members have full control of their
group directories and can create whatever directory structure they want
underneath the primary entry.

drwxr-xr-x   root     bin        /pchome/groups
drwxrwx---   root     prog       /pchome/groups/prog
drwxrwx---   root     staff      /pchome/groups/tech
drwxrwx---   root     sysadmin   /pchome/groups/sysadm

- Jim Mulholland (jem at peri.com)
    Periphonics, A Nortel Networks Company

"Gary Neff" <gary at gneff.com> wrote:

> Date:   Tue, 29 Feb 2000 00:37:38 -0500
> From:   "Gary Neff" <gary at gneff.com>
> To:     "Samba" <samba at samba.org>
> Subject: permissions
> Message-ID: <NDBBICIKKLABJPAGDCJMCEOCCJAA.gary at gneff.com>
>
> Once again I have the same problem, can anyone help? I have several share
> folders that I want everyone to be able to read, write and delete, and I have
> create mode set at 0750 in homes but that's not working. I can change
> permissions on the fly but want the client to be able to add a document and
> then have another user modify it. I am looking for something to enable this
> share in the directories only. Can anyone help? Please reply direct as I am
> in the middle of programming this machine. Thanks in advance.
> Gary Neff
> gary at gneff.com
> http://www.gneff.com
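
The directory layout described in the reply above can be checked mechanically. The following is an added example, not part of the original post or of Samba: a POSIX shell function that flags a groups parent directory that is writable by group or other or not owned by the expected account, and member directories that grant any access to "other" or lack group rwx. The function names and finding labels are illustrative assumptions; the share root and expected owner are passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the original post): audit the group-share layout.
# The root path and expected owner are supplied by the caller (assumptions).

# True if PATH itself has all bits of at least one listed MODE set.
has_mode_bits() {
    p=$1; shift
    for bits in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$bits" 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_group_shares ROOT [OWNER]
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
audit_group_shares() {
    root=$1; owner=${2:-root}; bad=0
    [ -d "$root" ] || { echo "MISSING $root"; return 1; }

    # Parent: only its owner may add, delete or rename entries.
    if has_mode_bits "$root" 020 002; then
        echo "PARENT-WRITABLE $root"; bad=1
    fi
    if [ "$(ls -ld "$root" | awk '{print $3}')" != "$owner" ]; then
        echo "PARENT-OWNER $root"; bad=1
    fi

    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        grp=$(ls -ld "$d" | awk '{print $4}')
        # Deny unless granted: no read, write or search bit for "other".
        if has_mode_bits "$d" 004 002 001; then
            echo "WORLD-ACCESS $d (group $grp)"; bad=1
        fi
        # Members need rwx on their own directory (the 770 in the post).
        if ! has_mode_bits "$d" 070; then
            echo "GROUP-NO-RWX $d (group $grp)"; bad=1
        fi
    done
    return $bad
}

# Run against a path given on the command line, e.g. /pchome/groups.
if [ $# -gt 0 ]; then
    audit_group_shares "$@"
fi
```

Each finding includes the directory's current group owner so it can be compared by eye against the intended group.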



