[Samba] Question about permissions

Mario Gamito gamito at netual.pt
Tue Jul 20 08:29:26 GMT 2004


Hi,

First of all, my apologies for the extension of this message, but it is
needed for you to understand my problem.

Straight to the point: I have this domain in my company running in Samba
3.0.2

My users are: hcoelho, jardim, gamito, yesenia, smatias, fqueiros,
faugusto, vamaro, peixinho, aragao, dina, pinho.

I have these shares with the users that can access them and the
corresponding Linux groups:

[DAT]: hcoelho, jardim, fqueiros, gamito, faugusto => Linux group A
[DID]: hcoelho, jardim, gamito, faugusto, peixinho, aragao, vamaro => Linux group B
[DGM]: hcoelho, jardim, smatias => Linux group C
[SAD]: hcoelho, jardi, yesenia => Linux group D
[NTL]: Everybody => Linux group E
[arquivo]: everybody
[backups]: jardim, gamito, filipe => Linux group G
[biblioteca]: everybody
[desenvolvimento]: jardim, gamito, faugusto


user's groups:
coelho : d hcoelho a b c e f g
jardim : d jardim a b c e f g h
gamito : gamito a b e f g h
(etc...)

Besides these shares, there are the homes also.


Problems:

If hcoelho, for instance, copies a file to share [SAD], yesenia can't
open it (and it should, as above), because it is copied with group A.

I've already used "force group" in smb.conf, but then, my users can't
access their homes.

Following my signature is my smb.conf

Any help would be appreciated.

Warm Regards,
Mário Gamito


smb.conf:
------------------------------
######################################
#                                    #
# smb.conf : created by Mário Gamito #
# Date: 21/06/04                     #
#                                    #
######################################


[global]
workgroup = NETUAL
netbios name = bateira
server string = Beatrix Kiddo

# scripts to change /etc/passwd when the user changes the password in Windows
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
#username map = /etc/samba/smbusers

unix password sync = Yes
log level = 2
log file = /etc/samba/individual/%m.log
name resolve order = wins lmhosts host
time server = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
#oplocks = No

add user script = /usr/sbin/useradd -n -g domainusers -G domainguests -d /dev/null -s /bin/false -M %u
delete user script = /usr/sbin/userdel %u
add group script = /usr/sbin/groupadd -r %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/bin/gpasswd -a %u %g
delete user from group script = /usr/bin/gpasswd -d %u %g
set primary group script = /usr/sbin/usermod -g '%g' '%u'
add machine script = /usr/sbin/adduser -n -g domainmachines -c Machine -d /dev/null -s /bin/false %u

smb passwd file = /etc/samba/passwd

logon script = netualinit.bat
logon path = \\%L\profiles\%U
logon home = \\%L\%U
logon drive = H:
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
message command = echo obrigado | smbclient -M %f
panic action = echo Isto é uma mensagem automática: O servidor crashou. Contacte o Mário Gamito | smbclient -M shuttle
host msdfs = Yes
admin users = domainroot
hosts allow = 10.10.1., 10.10.2.
hosts deny = ALL
hide files = /.bash_profile/.bash_logout/.bashrc/.gtkrc/.kde/.zshrc/

[homes]
comment = Home Directories
read only = No
browseable = No
create mask = 0600
directory mask = 0700

[Profiles]
comment = Windows profiles para os utilizadores que carregam as suas preferências a partir do servidor.
path = /etc/samba/profiles
browseable = No
read only = No
create mask = 0600
directory mask = 0700

[netlogon]
comment = Network Logon Service
path = /etc/samba/netlogon
browseable = No
writeable = No
browseable = No

[arquivo]
comment = pasta de arquivo
path = /home/arquivo/
writeable = Yes
browseable = Yes
create mask = 660
directory mask = 777
#force group = @f

[SAD]
comment = pasta da SAD
path = /home/SAD
writeable = Yes
browseable = Yes
create mask = 660
directory mask = 770
#force group = @d

[DAT]
comment = pasta da DAT
path = /home/DAT
writeable = Yes
browseable = Yes
create mask = 660
directory mask = 770
#force group = @a

[DID]
comment = pasta da DID
path = /home/DID
writeable = Yes
browseable = Yes
create mask = 660
directory mask = 770
#force group = @b

[DGM]
comment = pasta da DGM
path = /home/DGM
writeable = Yes
browseable = Yes
create mask = 660
directory mask = 770
#force group = @c

[SAD]
comment = pasta da SAD
path = /home/SAD
writeable = Yes
browseable = Yes
create mask = 660
directory mask = 770
#force group = @d

[backups]
comment = pasta de backups
path = /home/backups
writeable = Yes
browseable = Yes
create mask = 666
directory mask = 770
#force group = @g

[biblioteca]
comment = pasta da biblioteca
path = /home/biblioteca
writeable = Yes
browseable = Yes
create mask = 666
directory mask = 777
#force group = @f

[desenvolvimento]
comment = pasta do devel team
path = /home/desenvolvimento
writeable = Yes
browseable = Yes
create mask = 660
directory mask = 770
#force group = @h

[publico]
comment = pasta publica
path = /home/publico
writeable = Yes
browseable = Yes
create mask = 666
directory mask = 777
#force group = @f
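
The access failure described in the post, modelled as an added example (not part of the original message and not Samba code): a file written to [SAD] keeps the creator's primary group, so with `create mask = 660` only the owner and members of that group can read it. The helper names are hypothetical, group membership is taken from the post, and the file mode is assumed to equal the create mask (the most permissive case).

```python
import stat

# Group membership as listed in the post (only groups A and D are needed here).
GROUPS = {
    "a": {"hcoelho", "jardim", "fqueiros", "gamito", "faugusto"},
    "d": {"hcoelho", "jardim", "yesenia"},
}
SAD_USERS = ["hcoelho", "jardim", "yesenia"]  # users meant to share [SAD]


def can_access(user, owner, group, mode, want="r"):
    """Classic Unix check: the first matching class (owner, group, other) decides."""
    bits = {
        "r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
        "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    }[want]
    if user == owner:
        return bool(mode & bits[0])
    if user in GROUPS.get(group, set()):
        return bool(mode & bits[1])
    return bool(mode & bits[2])


def new_file(creator, primary_group, create_mask, force_group=None):
    """Ownership and mode of a file created through a share.

    Without force group the file gets the creator's primary group; with it,
    every connection to the share uses the forced group as primary group.
    """
    return {
        "owner": creator,
        "group": force_group or primary_group,
        "mode": create_mask,  # assumption: mode equals the create mask
    }


def readers(share_users, f):
    """Share users who can open the file for reading."""
    return sorted(
        u for u in share_users
        if can_access(u, f["owner"], f["group"], f["mode"], "r")
    )


if __name__ == "__main__":
    as_posted = new_file("hcoelho", "a", 0o660)
    forced = new_file("hcoelho", "a", 0o660, force_group="d")
    print("group a:", readers(SAD_USERS, as_posted))
    print("group d:", readers(SAD_USERS, forced))
```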



