I need some clarification of groups (PDC and local unix groups)

Scott Shealy sshealy at asgnet.psc.sc.edu
Thu Nov 2 20:31:08 GMT 2000


Ok I did that... and that makes complete sense but it is still not working.
Users in the fulltime group are able to read from the directory but they are
not able to write in the directories.  Remember these users' primary
group (the one in the /etc/passwd file) is ntuser.

Thanks,
Scott

-----Original Message-----
From: Mike Fedyk [mailto:mfedyk at matchmail.com]
Sent: Wednesday, November 01, 2000 10:24 PM
To: Scott Shealy
Cc: 'samba at lists.samba.org'
Subject: Re: I need some clarification of groups(PDC and local unix
groups)


Scott Shealy wrote:
> 
> (I have been searching for 2 days now for an answer so please forgive me if
> this has been answered many times) I am trying to set up a samba (2.0.7 on
> Linux 2.2.17) fileserver for our domain. It is not the PDC. What I want is to
> create a share that some people can only read and others can read and write.
> Currently what I have done is configured three local groups on the linux
> samba box.  One group ntuser everyone is a member of and it is their primary
> group in the /etc/passwd. I have defined two other groups partime (for part
> time staff) and fulltime (for full time staff) and placed the appropriate
> people in them in the /etc/groups file.  I want the partime people to only
> be able to read and the full time people to read and write all files in that
> share.
> 
> Here is what I tried
> [global]
> 
>    workgroup = OURDOMAIN
> 
>    server string = OURSamba Server
>    security = domain
>    password server = ourpdc
> 
> [IntraNet]
>    comment = IntraNet
>    path = /IntraNet
>    admin users = adminnt
>    valid users = @ntuser
>    read only = yes
>    write list = @fulltime
>    force create mode = 0774
>    force directory mode = 0775
> 
> But this doesn't work right.  The domain stuff seems to be working ok. Other
> simpler shares are working fine with domain authentication. Can anybody tell
> me how to accomplish this. Does Samba ignore local groups when
> security=domain?  Does it only look in the primary group (the one set in
> /etc/passwd).  Anyway I am missing something here.  Could someone please
> explain this to me.
> 
> Thanks,
> Scott Shealy
Great, that's fine, as far as I can see, but you have neglected the unix
permissions.

find /IntraNet -type f -exec chmod 664 "{}" ";" -exec chgrp fulltime "{}" ";"
find /IntraNet -type d -exec chmod 2775 "{}" ";" -exec chgrp fulltime "{}" ";"

The directories are SGID because you want the files created within to have the
same group as the directory, otherwise you would have files grouped to ntuser
instead of fulltime.

If you don't trust the commands, read the manual for find.
-- 

Mike Fedyk                   "They that can give up essential liberty
Information Systems           to obtain a little temporary safety
Match Mail Productions Inc.   deserve neither liberty nor safety."
mfedyk at matchmail.com                                   Ben Franklin
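
Added example, not part of the original thread: a read-only check of the state the two find commands above are meant to produce (group ownership, group write bits, SGID on directories). The function name audit_share is hypothetical; /IntraNet and fulltime are the thread's own values, and a find that accepts -group and -perm -mode (GNU find here) is assumed.

```shell
#!/bin/sh
# Added example: audit a share tree against the layout that the
# chmod/chgrp commands in the thread set up. Nothing is modified.
#
# Usage (values from the thread):  audit_share /IntraNet fulltime

# audit_share ROOT GROUP
# Prints one line per entry that would stop a GROUP member from writing,
# or that would let new files fall back to the creator's primary group.
# Output is line-based, so paths containing newlines are not handled.
audit_share() {
    root=$1
    group=$2   # group name or numeric gid (GNU find accepts either)

    # Directories: must belong to GROUP and carry SGID plus group rwx.
    # "-perm -2070" is true only when all of those bits are set.
    find "$root" -type d \( ! -group "$group" -o ! -perm -2070 \) -print |
        sed 's/^/DIR  /'

    # Regular files: must belong to GROUP and be group read/write.
    find "$root" -type f \( ! -group "$group" -o ! -perm -060 \) -print |
        sed 's/^/FILE /'
}
```

An empty result means every directory is SGID and group-writable for the given group and every file is group read/write; any DIR or FILE line names an entry that still needs the chmod or chgrp.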



