[Samba] Question about permissions

Christoph Scheeder christoph.scheeder at scheeder.de
Tue Jul 20 09:43:23 GMT 2004


Hi,
your first attempt with using "force group" is correct, but your syntax 
is not.
for "force group" you have to omit the '@' sign. it only takes the name 
of the group.
for example :
   force group = f

at least thats the way it works for me .... ;-)
Christoph

Mario Gamito schrieb:

> Hi,
> 
> First of all, my apologies for the extension of this message, but it is
> needeed for you to undertand my problem.
> 
> Straight to the point: i have this domain in my company running in Samba
> 3.0.2
> 
> My users are: hcoelho, jardim, gamito, yesenia, smatias, fqueiros,
> faugusto, vamaro, peixinho, aragao, dina, pinho.
> 
> I have this shares with the users that can access them and the
> correponding Linux groups: 
> 
> [DAT]: hcoelho, jardim, fqueiros, gamito, faugusto => Linux group A
> [DID]: hcoelho, jardim, gamito, faugusto, peixinho, aragao, vamaro =>
> Linux group B
> [DGM]: hcoelho, jardim, smatias => Linux group C
> [SAD]: hcoelho, jardi, yesenia => Linux group D
> [NTL]: Everybody => Linux group E
> [arquivo]: everybody
> [backups]: jardim, gamito, filipe => Linux group G
> [biblioteca]: everybody
> [desenvolvimento]: jardim, gamito, faugusto
> 
> 
> user's groups:
> coelho : d hcoelho a b c e f g
> jardim : d jardim a b c e f g h
> gamito : gamito a b e f g h
> (etc...)
> 
> Besides these shares, there are the homes also.
> 
> 
> Problems:
> 
> If hcoelho, for instance, copies a file to share [SAD], yesenia can't
> open it (and it should, as above), because it is copied with group A.
> 
> I've already used "force group" in smb.conf, but then, my users can't
> access their homes.
> 
> Following my signature is my smb.conf
> 
> Any help would be appreciated.
> 
> Warm Regards,
> Mário Gamito
> 
> 
> smb.conf:
> ------------------------------
> ######################################
> #                                    #
> # smb.conf : criado por Mário Gamito #
> # Data: 21/06/04                     #
> #                                    #
> ###################################### 
> 
> 
> [global]
> workgroup = NETUAL
> netbios name = bateira
> server string = Beatrix Kiddo
> 
> # scripts para alterar o /etc/passwd quando o utilizador muda a password
> no Windows
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> #username map = /etc/samba/smbusers
> 
> unix password sync = Yes
> log level = 2
> log file = /etc/samba/individual/%m.log
> name resolve order = wins lmhosts host
> time server = Yes
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
> SO_RCVBUF=8192
> load printers = No
> #oplocks = No
> 
> add user script = /usr/sbin/useradd -n -g domainusers -G domainguests -d
> /dev/null -s /bin/false -M %u
> delete user script = /usr/sbin/userdel %u
> add group script = /usr/sbin/groupadd -r %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/bin/gpasswd -a %u %g
> delete user from group script = /usr/bin/gpasswd -d %u %g
> set primary group script = /usr/sbin/usermod -g '%g' '%u'
> add machine script = /usr/sbin/adduser -n -g domainmachines -c Machine
> -d /dev/null -s /bin/false %u
> 
> smb passwd file = /etc/samba/passwd
> 
> logon script = netualinit.bat
> logon path = \\%L\profiles\%U
> logon home = \\%L\%U
> logon drive = H:
> domain logons = Yes
> os level = 64
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> wins support = Yes
> message command = echo obrigado | smbclient -M %f
> panic action = echo Isto é uma mensagem automática: O servidor crashou.
> Contacte o Mário Gamito | smbclient -M shuttle
> host msdfs = Yes
> admin users = domainroot
> hosts allow = 10.10.1., 10.10.2.
> hosts deny = ALL
> hide files = /.bash_profile/.bash_logout/.bashrc/.gtkrc/.kde/.zshrc/
> 
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
> create mask = 0600
> directory mask = 0700
> 
> [Profiles]
> comment = Windows profiles para os utilizadores que carregam as suas
> preferências a partir do servidor.
> path = /etc/samba/profiles
> browseable = No
> read only = No
> create mask = 0600
> directory mask = 0700
> 
> [netlogon]
> comment = Network Logon Service
> path = /etc/samba/netlogon
> browseable = No
> writeable = No
> browseable = No
> 
> [arquivo]
> comment = pasta de arquivo
> path = /home/arquivo/
> writeable = Yes
> browseable = Yes
> create mask = 660
> directory mask = 777
> #force group = @f
> 
> [SAD]
> comment = pasta da SAD
> path = /home/SAD
> writeable = Yes
> browseable = Yes
> create mask = 660
> directory mask = 770
> #force group = @d
> 
> [DAT]
> comment = pasta da DAT
> path = /home/DAT
> writeable = Yes
> browseable = Yes
> create mask = 660
> directory mask = 770
> #force group = @a
> 
> [DID]
> comment = pasta da DID
> path = /home/DID
> writeable = Yes
> browseable = Yes
> create mask = 660
> directory mask = 770
> #force group = @b
> 
> [DGM]
> comment = pasta da DGM
> path = /home/DGM
> writeable = Yes
> browseable = Yes
> create mask = 660
> directory mask = 770
> #force group = @c
> 
> [SAD]
> comment = pasta da SAD
> path = /home/SAD
> writeable = Yes
> browseable = Yes
> create mask = 660
> directory mask = 770
> #force group = @d
> 
> [backups]
> comment = pasta de backups
> path = /home/backups
> writeable = Yes
> browseable = Yes
> create mask = 666
> directory mask = 770
> #force group = @g
> 
> [biblioteca]
> comment = pasta da biblioteca
> path = /home/biblioteca
> writeable = Yes
> browseable = Yes
> create mask = 666
> directory mask = 777
> #force group = @f
> 
> [desenvolvimento]
> comment = pasta do devel team
> path = /home/desenvolvimento
> writeable = Yes
> browseable = Yes
> create mask = 660
> directory mask = 770
> #force group = @h
> 
> [publico]
> comment = pasta publica
> path = /home/publico
> writeable = Yes
> browseable = Yes
> create mask = 666
> directory mask = 777
> #force group = @f
> 
> 



More information about the samba mailing list