File/Dir permissions under a share

[Dan Hill]

Mike Brodbelt wrote:

> Dan Hill wrote:
> >
> > I am trying to duplicate the setup on my netware box on my samba box.
> > Everyone wants to keep a single drive letter and go to the various dir's
> > from there.  So, what I did was create a share called "sys" and created
> > various dir's underneath it, e.g. hr, eng, etc....
> >
> > I setup the hr dir and files therein with 770 (i tried 777 also) and
> > root:hr permissions.  If an hr group member goes into the hr dir and
> > tries to modify or create a file, the access is denied.  I am assuming
> > that samba uses unix group membership to determin if a user can access a
> > given dir.  Does anyone know what I could be doing wrong?  I would
> > attach files for more info, but rather than showing wasteful text,
> > I decided to wait for comments.
> >
> > I know that creating these dir's under one share is probably not the
> > best thing, but my "users" namely uppers insist on one drive, e.g. G:\,
> > where they can go for all of the dir's available to them
>
> I don't see a problem with this kind of setup in general - I use a
> "common" share, and have several subdirectories with different
> permissions. I set it up like this:-
>
> [common]
>         comment = General file share
>         path = /usr/local/filestore/common
>         valid users = @everyone
>         admin users = @smbadmin
>         writeable = Yes
>         create mask = 0755
>         force create mode = 020
>         directory mask = 02775
>         force directory mode = 02070
>         map system = Yes
>         map hidden = Yes
>
> Then, under the share root, I have several directories
>
> $ ls -l /usr/local/filestore/common/
> total 11
> drwxrwsr-x  11 root     adverts      1024 May 17 09:25 Adverts/
> drwxr-sr-x  12 root     schols       1024 May  8 14:41 Awards/
> drwxrwsr-x  24 root     chems        1024 May 23 12:41 Chems/
> drwxrwsr-x  18 root     finance      1024 May 25 09:55 Finance/
> drwxrwsr-x  19 root     everyone     1024 May 26 11:36 General/
> drwxrwsr-x   6 root     library      1024 Feb 28 09:58 Library/
> drwxrwsr-x   7 root     memmark      1024 Jan 14 11:17 M+M/
> drwxrwsr-x  10 root     schols       1024 May 18 10:13 Marshall/
> drwxrwsr-x  11 root     support      1024 May 26 14:38 Support/
> drwxr-sr-x   3 root     everyone     1024 May 25 15:43 Templates/
> drwxrwsr-x  16 root     yearbook     1024 May 11 08:40 Yearbook/
>
> The combination of the directory mode settings in Samba, and the SGID
> bit on the directories makes the group ownership work nicely for me. If
> you don't have the SGID bit set, this could result in users creating
> files with a group ownership you don't want. You can use Samba share
> setting to achieve this instead if you like.
>
> HTH
>
> Mike.

Thanks, Mike!  That seems to be the trick for which I was looking.

Dan