[Samba] samba -v- unix file/group permissions

slyle at plasticmoldings.com
Fri Jun 20 20:24:52 GMT 2003


In migrating to Samba on FreeBSD from WinNT, I've run into this hitch.

Let us say I have 9 users named
        User1, User2, User3, ... User9

User1 is a member of group wheel

User2 & User3 have the administrative task (add/change/delete) of managing 
the content of the directory Dirc1 and all subordinate objects (files and 
directories).

Dirc1 is the directory /usr/Shared/Dirc1. Only User1 will need to delete 
Dirc1, but if it helps then User2 & User3 can also delete Dirc1.

All users can read anything in Dirc1 and all subordinate objects as well.

All users can contribute (add/change/delete) anything in the Everyone 
directory which is /usr/Shared/Dirc1/Everyone

Shared is a Samba service.

As User2 & User3 add new objects subordinate to Dirc1 they are to retain 
the permissions necessary to add/change/delete all current and new objects 
in Dirc1.

All users can add/change/delete anything anywhere else in Shared

All end-user efforts are performed from Windows NT workstations.

(This is essentially what I have on an NT file system and would like to 
maintain this structure to prevent confusion.)

Finally,
Samba ACL support is not compiled into Samba because that option is broken 
between this version of FreeBSD and this version of Samba.


1) How do I configure the Shared, Dirc1 & Everyone directories in terms of 
the Unix file permissions and ownerships to support this?

2) How do I configure the Shared service in Samba to support this?

3) How do I configure the User2 & User3?

4) What else will be necessary?


In Linux, can groups be members of other groups?  In BSD groups cannot.  I 
think I'm going to learn to hate this about Unix.

On the issue of force group / force user: these properties take precedence 
over the actual user:group properties of a user's connection, such that if 
force user and/or force group is implemented on a share then all users of 
that share are controlled by the force user/force group assignments.  So 
this did not work.  I expect force create mode to be similarly effective 
for all objects on the share, which will not work for me.

I thought to have:
        root : wheel            drwxrwxr-x      for     /usr/Shared
        root : Dirc1-admins     drwxrwxr-x      for     /usr/Shared/Dirc1
and
        root : Dirc1-admin      drwxrwxrwx      for     /usr/home/shared/Dirc1/Everyone

Dirc1-admins= User2, User3

Where Shared is defined in Samba as:
[shared]
        path = /usr/Shared
        browsable = yes
        read only = no
        writable = yes
        available = yes

My problem here is when creating new objects I have to manually fix the 
group permissions.

Can this fix be automated at the time the file is created, regardless of 
who created the object?


Thanks,
-Steve Lyle
513.557.5207
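
An added example, not part of the original post: a Python audit that finds objects whose group or group/other permission bits have drifted from the directory that sets the policy (for instance Dirc1) and resets them, which is the manual fix the post describes, run after the fact rather than at creation time. The names `find_drift`, `repair`, `expected_mode` and the `skip` parameter are this example's own; the assumption is that each policy directory (Dirc1, Everyone) already carries the intended group and mode.

```python
import os
import stat


def expected_mode(mode, is_dir):
    """Group/other bits to compare: all of them for directories, rw only for files."""
    bits = mode & 0o077
    return bits if is_dir else bits & 0o066


def find_drift(root, skip=()):
    """Return (path, problem) pairs for objects under root that deviate from
    root's group and group/other bits. Subtrees listed in skip have their own
    policy (e.g. Dirc1/Everyone) and are neither checked nor descended into."""
    policy = os.stat(root)
    skip = {os.path.abspath(p) for p in skip}
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames
                       if os.path.abspath(os.path.join(dirpath, d)) not in skip]
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not what grants access
            is_dir = stat.S_ISDIR(st.st_mode)
            if st.st_gid != policy.st_gid:
                findings.append((path, "group"))
            if expected_mode(st.st_mode, is_dir) != expected_mode(policy.st_mode, is_dir):
                findings.append((path, "mode"))
    return findings


def repair(root, findings):
    """Reset each drifted object to root's group and group/other bits."""
    policy = os.stat(root)
    for path in sorted({p for p, _ in findings}):
        st = os.lstat(path)
        is_dir = stat.S_ISDIR(st.st_mode)
        if st.st_gid != policy.st_gid:
            os.chown(path, -1, policy.st_gid)  # needs root or membership in that group
        keep = 0o7700 if is_dir else 0o7711   # owner bits; files keep existing execute bits
        os.chmod(path, (st.st_mode & keep) | expected_mode(policy.st_mode, is_dir))
```

Run it once per policy directory, passing nested directories that follow a different policy in `skip`, so that a world-writable subtree is not tightened to its parent's mode.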


