I need some clarification of groups (PDC and local unix groups)

Mike Fedyk mfedyk at matchmail.com
Thu Nov 2 03:23:38 GMT 2000


Scott Shealy wrote:
> 
> (I have been searching for 2 days now for an answer so please forgive me if
> this has been answered many times) I am trying to set up a samba (2.0.7 on Linux
> 2.2.17) fileserver for our domain. It is not the PDC. What I want is to
> create a share that some people can only read and others can read and write.
> Currently what I have done is configured three local groups on the linux
> samba box.  One group ntuser everyone is a member of and it is their primary
> group in the /etc/passwd. I have defined two other groups partime (for part
> time staff) and fulltime (for full time staff) and placed the appropriate
> people in them in the /etc/groups file.  I want the partime people to only
> be able to read and the full time people to read and write all files in that
> share.
> 
> Here is what I tried
> [global]
> 
>    workgroup = OURDOMAIN
> 
>    server string = OURSamba Server
>    security = domain
>    password server = ourpdc
> 
> [IntraNet]
>    comment = IntraNet
>    path = /IntraNet
>    admin users = adminnt
>    valid users = @ntuser
>    read only = yes
>    write list = @fulltime
>    force create mode = 0774
>    force directory mode = 0775
> 
> But this doesn't work right.  The domain stuff seems to be working ok. Other
> simpler shares are working fine with domain authentication. Can anybody tell
> me how to accomplish this? Does Samba ignore local groups when
> security=domain?  Does it only look in the primary group (the one set in
> /etc/passwd)?  Anyway I am missing something here.  Could someone please
> explain this to me.
> 
> Thanks,
> Scott Shealy
Great, that's fine, as far as I can see, but you have neglected the unix
permissions.

find /IntraNet -type f -exec chmod 664 "{}" ";" -exec chgrp fulltime "{}" ";"
find /IntraNet -type d -exec chmod 2775 "{}" ";" -exec chgrp fulltime "{}" ";"

The directories are SGID because you want the files created within to have the
same group as the directory, otherwise you would have files grouped to ntuser
instead of fulltime.

If you don't trust the commands, read the manual for find.
-- 

Mike Fedyk                   "They that can give up essential liberty
Information Systems           to obtain a little temporary safety
Match Mail Productions Inc.   deserve neither liberty nor safety."
mfedyk at matchmail.com                                   Ben Franklin
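
A read-only check of the layout the reply describes, added here as an example (it is not part of the original message): it lists anything under the share that is outside the write group, directories lacking the SGID bit or group rwx, and files lacking group read/write. The function name audit_share and the output labels are made up for this example, and the world-writable check is an extra that follows from the 664/2775 modes granting no write access to others.

```shell
#!/bin/sh
# Added example: audit a share tree against the modes from the reply
# (files 664, directories 2775, everything in the write group).
# Usage: audit_share /IntraNet fulltime
# Prints one "label path" line per problem; exit status 1 if any were found.
# It only reads metadata and changes nothing.

audit_share() {
    dir=$1
    group=$2    # group name or numeric gid, as accepted by find -group
    findings=$(
        # Files or directories that are not in the write group at all.
        find "$dir" ! -type l ! -group "$group" -print | sed 's/^/wrong-group /'
        # Directories need SGID (so new files inherit the group) plus group rwx.
        find "$dir" -type d ! -perm -2070 -print | sed 's/^/dir-mode /'
        # Files need group read and write for write-list members to edit them.
        find "$dir" -type f ! -perm -0060 -print | sed 's/^/file-mode /'
        # Extra check (assumption of this example): nothing should be
        # writable by "other", since read-only users reach files that way.
        find "$dir" ! -type l -perm -0002 -print | sed 's/^/world-writable /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```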



