[Samba] User directories and groups usage

Rashkae rashkae at tigershaunt.com
Thu Aug 14 19:53:28 GMT 2003


Create Mask 660 will remove executable bits from any saved file, as
advertized.  However, since Samba normally maps archive attribute to
executable permission in Unix, this would break the archive attribute.

I would use

create mask = 760
force create mode = 660

This will ensure that the user and all members of the group have read
write permission the file.  It will also allow windows to set the archive
attribute on files.. (Security note: this will make files executable by
the user who owns the file.  A creative person *might* be able to use this
to work around security restrictions on the system.)



____________________________________________
Aug 14  3:46pm


They hang the man and flog the woman
That steal the goose from off the common,
But let the greater villain loose
That steals the common from the goose.
  --English folk poem, circa 1764

On Thu, 14 Aug 2003, Cor Lem wrote:

At 10:30 14-8-03 -0700, you wrote:
>Morning everyone.
>
>I was playing around today with our PDC setup.
>One thing I noticed is that when I setup users to have their 'My
>Documents' directory be /home/<user> everything works well.
>One thing I noticed is that the directory, subdirectories and files have
>the owner of the user and the group as per assigned, and permissions as 700.
>
>If I wanted to set it up so a specific group would get assigned the group
>for everyones /home/<user> as well as specific permissions, would I need
>to add something like the following to my smb.conf, under the homes section:
>
>[homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
>    force group = daffy
>    force create mode = 770

This would make a file readable, writable AND executable for user/group
owning the files

I would use:
create mask = 660
This wil not make files executable.

>    force directory mode = 440

This would make the directory readable only - not executable, so you can't
see what's in it and its not writable.

I would use:
create mask = 0770

>Which should set the group to 'daffy' for all files and directories
>created as well as set the new files with 770 and new directories as 440.
>
>That look about right?

nope - see above - may I ask how you got to 770 and especially 440 ?

To better understand this have a look at:
http://www.ctssn.com/linux/lesson6.html

Greetz,
Cor Lem

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba




More information about the samba mailing list