[Samba] Win(yuck)NT

Mike Brodbelt m.brodbelt at acu.ac.uk
Mon Jun 23 09:36:29 GMT 2003


Steve_Lyle/PlasticMoldings%PLASTICMOLDINGS at plasticmoldings.com wrote:
> 
> In migrating to Samba on FreeBSD from Win(yuck)NT, I've run into this
> hitch.
> 
> Let us say I have 9 users named
>      User1, User2, User3, ... User9
> 
> User1 is a member of group wheel
> 
> User2 & User3 have the administrative task (add/change/delete) of managing
> the content of the directory Dirc1 and all subordinate objects (files and
> directories).
> 
> Dirc1 is the directory /usr/Shared/Dirc1. Only User1 will need to delete
> Dirc1, but if it helps then User2 & User3 can also delete Dirc1.
> 
> All users can read anything in Dirc1 and all subordinate objects as well.
> 
> All users can contribute (add/change/delete) anything in the Everyone
> directory which is /usr/Shared/Dirc1/Everyone
> 
> Shared is a Samba service.
> 
> As User2 & User3 add new objects subordinate to Dirc1 they are to retain
> the permissions necessary to add/change/delete all current and new objects
> in Dirc1.
> 
> All users can add/change/delete anything anywhere else in Shared
> 
> All end-user efforts are performed from Windows NT workstations.
> 
> (This is essentially what I have on an NT file system and would like to
> maintain this structure to prevent confusion.)
> 
> Finally,
> Samba ACL support is not compiled into Samba because that option is broken
> between this version of FreeBSD and this version of Samba.
> 
> 
> 1) How do I configure the Shared, Dirc1 & Everyone directories in terms of
> the Unix file permissions and ownerships to support this?

Create an admin group, and an everyone group - I've used "smbadmin" and
"everyone". Then make /usr/Shared group owned by everyone, and group
writable and *SGID*. Make /usr/Shared/Dirc1/Everyone group owned by
"everyone", group writable, and SGID. Make /usr/Shared/Dirc1/ group
owned by "smbadmin", and SGID.

> 2) How do I configure the Shared service in Samba to support this?

Something like this:-

[dirc1]
        comment = Dirc1 general file share
        path = /usr/Shared/
        valid users = @everyone
        admin users = @smbadmin
        writeable = Yes
        create mask = 0755
        force create mode = 020
        directory mask = 02775
        force directory mode = 02070
        map system = Yes
        map hidden = Yes


> 3) How do I configure the User2 & User3?

Make them members of smbadmin.

> 4) What else will be necessary?

That should be about it, if I've understood what you're after correctly.
The SGID bit governs file creation semantics, so this will work on an
empty directory tree. If you copy a load of files across from NT, you'll
have to go through all the directories recursively, setting the SGID bit
as necessary.

HTH,

Mike.
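
The recursive pass described in the last paragraph of the reply, as an added example that is not part of the original post: it re-applies the group ownership and SGID layout from answer 1 to a tree that already holds files copied from NT. The function names and the ALL_GROUP/ADMIN_GROUP variables are made up for this sketch; the group names and paths are the ones used in the reply.

```sh
#!/bin/sh
# Added example (not from the original post). Run as root on the server:
#     apply_layout /usr/Shared
# Group names default to the ones in the reply; override via the environment.
ALL_GROUP=${ALL_GROUP:-everyone}
ADMIN_GROUP=${ADMIN_GROUP:-smbadmin}

# Print every directory under $1 that lacks the SGID bit (octal 2000).
missing_sgid() {
    find "$1" -type d ! -perm -2000 -print
}

# fix_tree DIR GROUP DIRMODE
# Hand DIR and everything below it to GROUP, then apply DIRMODE to the
# directories only. SGID on a regular file means something else entirely,
# so files get the new group but no mode change.
fix_tree() {
    dir=$1; group=$2; dmode=$3
    chgrp -R "$group" "$dir" || return 1
    find "$dir" -type d -exec chmod "$dmode" {} + || return 1
    # chmod can silently drop SGID when the caller is not in GROUP,
    # so verify the result instead of trusting the exit status.
    [ -z "$(missing_sgid "$dir")" ]
}

# Apply the three rules from the reply, outermost first, so that each
# deeper rule overrides what the recursive pass above it just set.
apply_layout() {
    root=$1
    # /usr/Shared: group "everyone", group writable, SGID
    fix_tree "$root" "$ALL_GROUP" g=rwxs || return 1
    # Dirc1: group "smbadmin", SGID (no group write was specified)
    fix_tree "$root/Dirc1" "$ADMIN_GROUP" g=rxs || return 1
    # Dirc1/Everyone: group "everyone", group writable, SGID
    fix_tree "$root/Dirc1/Everyone" "$ALL_GROUP" g=rwxs || return 1
}
```

Afterwards `missing_sgid /usr/Shared` should print nothing; any directory it lists will not pass its group on to new files.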



