File/Dir permissions under a share

Mike Brodbelt m.brodbelt at acu.ac.uk
Fri May 26 14:35:21 GMT 2000 


Dan Hill wrote:
> 
> I am trying to duplicate the setup on my netware box on my samba box.
> Everyone wants to keep a single drive letter and go to the various dir's
> from there.  So, what I did was create a share called "sys" and created
> various dir's underneath it, e.g. hr, eng, etc....
> 
> I setup the hr dir and files therein with 770 (i tried 777 also) and
> root:hr permissions.  If an hr group member goes into the hr dir and
> tries to modify or create a file, the access is denied.  I am assuming
> that samba uses unix group membership to determin if a user can access a
> given dir.  Does anyone know what I could be doing wrong?  I would
> attach files for more info, but rather than showing wasteful text,
> I decided to wait for comments.
> 
> I know that creating these dir's under one share is probably not the
> best thing, but my "users" namely uppers insist on one drive, e.g. G:\,
> where they can go for all of the dir's available to them

I don't see a problem with this kind of setup in general - I use a
"common" share, and have several subdirectories with different
permissions. I set it up like this:-

[common]
        comment = General file share
        path = /usr/local/filestore/common
        valid users = @everyone
        admin users = @smbadmin
        writeable = Yes
        create mask = 0755
        force create mode = 020
        directory mask = 02775
        force directory mode = 02070
        map system = Yes
        map hidden = Yes

Then, under the share root, I have several directories

$ ls -l /usr/local/filestore/common/
total 11
drwxrwsr-x  11 root     adverts      1024 May 17 09:25 Adverts/
drwxr-sr-x  12 root     schols       1024 May  8 14:41 Awards/
drwxrwsr-x  24 root     chems        1024 May 23 12:41 Chems/
drwxrwsr-x  18 root     finance      1024 May 25 09:55 Finance/
drwxrwsr-x  19 root     everyone     1024 May 26 11:36 General/
drwxrwsr-x   6 root     library      1024 Feb 28 09:58 Library/
drwxrwsr-x   7 root     memmark      1024 Jan 14 11:17 M+M/
drwxrwsr-x  10 root     schols       1024 May 18 10:13 Marshall/
drwxrwsr-x  11 root     support      1024 May 26 14:38 Support/
drwxr-sr-x   3 root     everyone     1024 May 25 15:43 Templates/
drwxrwsr-x  16 root     yearbook     1024 May 11 08:40 Yearbook/

The combination of the directory mode settings in Samba, and the SGID
bit on the directories makes the group ownership work nicely for me. If
you don't have the SGID bit set, this could result in users creating
files with a group ownership you don't want. You can use Samba share
setting to achieve this instead if you like.

HTH

Mike.

More information about the samba mailing list