[Samba] Question about permissions

Mario Gamito gamito at netual.pt
Tue Jul 20 09:47:55 GMT 2004 

Hi Christoph,

Thank you for your answer.

ok, i did that.
i suppose that now, assignin the user's primary group as their own, they
also can access their homes, right ?

Warm Regards,
Mário Gamito

On Tue, 2004-07-20 at 10:43, Christoph Scheeder wrote:
> Hi,
> your first attempt with using "force group" is correct, but your syntax 
> is not.
> for "force group" you have to omit the '@' sign. it only takes the name 
> of the group.
> for example :
>    force group = f
> 
> at least thats the way it works for me .... ;-)
> Christoph
> 
> Mario Gamito schrieb:
> 
> > Hi,
> > 
> > First of all, my apologies for the extension of this message, but it is
> > needeed for you to undertand my problem.
> > 
> > Straight to the point: i have this domain in my company running in Samba
> > 3.0.2
> > 
> > My users are: hcoelho, jardim, gamito, yesenia, smatias, fqueiros,
> > faugusto, vamaro, peixinho, aragao, dina, pinho.
> > 
> > I have this shares with the users that can access them and the
> > correponding Linux groups: 
> > 
> > [DAT]: hcoelho, jardim, fqueiros, gamito, faugusto => Linux group A
> > [DID]: hcoelho, jardim, gamito, faugusto, peixinho, aragao, vamaro =>
> > Linux group B
> > [DGM]: hcoelho, jardim, smatias => Linux group C
> > [SAD]: hcoelho, jardi, yesenia => Linux group D
> > [NTL]: Everybody => Linux group E
> > [arquivo]: everybody
> > [backups]: jardim, gamito, filipe => Linux group G
> > [biblioteca]: everybody
> > [desenvolvimento]: jardim, gamito, faugusto
> > 
> > 
> > user's groups:
> > coelho : d hcoelho a b c e f g
> > jardim : d jardim a b c e f g h
> > gamito : gamito a b e f g h
> > (etc...)
> > 
> > Besides these shares, there are the homes also.
> > 
> > 
> > Problems:
> > 
> > If hcoelho, for instance, copies a file to share [SAD], yesenia can't
> > open it (and it should, as above), because it is copied with group A.
> > 
> > I've already used "force group" in smb.conf, but then, my users can't
> > access their homes.
> > 
> > Following my signature is my smb.conf
> > 
> > Any help would be appreciated.
> > 
> > Warm Regards,
> > Mário Gamito
> > 
> > 
> > smb.conf:
> > ------------------------------
> > ######################################
> > #                                    #
> > # smb.conf : criado por Mário Gamito #
> > # Data: 21/06/04                     #
> > #                                    #
> > ###################################### 
> > 
> > 
> > [global]
> > workgroup = NETUAL
> > netbios name = bateira
> > server string = Beatrix Kiddo
> > 
> > # scripts para alterar o /etc/passwd quando o utilizador muda a password
> > no Windows
> > passwd program = /usr/bin/passwd %u
> > passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> > *passwd:*all*authentication*tokens*updated*successfully*
> > #username map = /etc/samba/smbusers
> > 
> > unix password sync = Yes
> > log level = 2
> > log file = /etc/samba/individual/%m.log
> > name resolve order = wins lmhosts host
> > time server = Yes
> > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
> > SO_RCVBUF=8192
> > load printers = No
> > #oplocks = No
> > 
> > add user script = /usr/sbin/useradd -n -g domainusers -G domainguests -d
> > /dev/null -s /bin/false -M %u
> > delete user script = /usr/sbin/userdel %u
> > add group script = /usr/sbin/groupadd -r %g
> > delete group script = /usr/sbin/groupdel %g
> > add user to group script = /usr/bin/gpasswd -a %u %g
> > delete user from group script = /usr/bin/gpasswd -d %u %g
> > set primary group script = /usr/sbin/usermod -g '%g' '%u'
> > add machine script = /usr/sbin/adduser -n -g domainmachines -c Machine
> > -d /dev/null -s /bin/false %u
> > 
> > smb passwd file = /etc/samba/passwd
> > 
> > logon script = netualinit.bat
> > logon path = \\%L\profiles\%U
> > logon home = \\%L\%U
> > logon drive = H:
> > domain logons = Yes
> > os level = 64
> > preferred master = Yes
> > domain master = Yes
> > dns proxy = No
> > wins support = Yes
> > message command = echo obrigado | smbclient -M %f
> > panic action = echo Isto é uma mensagem automática: O servidor crashou.
> > Contacte o Mário Gamito | smbclient -M shuttle
> > host msdfs = Yes
> > admin users = domainroot
> > hosts allow = 10.10.1., 10.10.2.
> > hosts deny = ALL
> > hide files = /.bash_profile/.bash_logout/.bashrc/.gtkrc/.kde/.zshrc/
> > 
> > [homes]
> > comment = Home Directories
> > read only = No
> > browseable = No
> > create mask = 0600
> > directory mask = 0700
> > 
> > [Profiles]
> > comment = Windows profiles para os utilizadores que carregam as suas
> > preferências a partir do servidor.
> > path = /etc/samba/profiles
> > browseable = No
> > read only = No
> > create mask = 0600
> > directory mask = 0700
> > 
> > [netlogon]
> > comment = Network Logon Service
> > path = /etc/samba/netlogon
> > browseable = No
> > writeable = No
> > browseable = No
> > 
> > [arquivo]
> > comment = pasta de arquivo
> > path = /home/arquivo/
> > writeable = Yes
> > browseable = Yes
> > create mask = 660
> > directory mask = 777
> > #force group = @f
> > 
> > [SAD]
> > comment = pasta da SAD
> > path = /home/SAD
> > writeable = Yes
> > browseable = Yes
> > create mask = 660
> > directory mask = 770
> > #force group = @d
> > 
> > [DAT]
> > comment = pasta da DAT
> > path = /home/DAT
> > writeable = Yes
> > browseable = Yes
> > create mask = 660
> > directory mask = 770
> > #force group = @a
> > 
> > [DID]
> > comment = pasta da DID
> > path = /home/DID
> > writeable = Yes
> > browseable = Yes
> > create mask = 660
> > directory mask = 770
> > #force group = @b
> > 
> > [DGM]
> > comment = pasta da DGM
> > path = /home/DGM
> > writeable = Yes
> > browseable = Yes
> > create mask = 660
> > directory mask = 770
> > #force group = @c
> > 
> > [SAD]
> > comment = pasta da SAD
> > path = /home/SAD
> > writeable = Yes
> > browseable = Yes
> > create mask = 660
> > directory mask = 770
> > #force group = @d
> > 
> > [backups]
> > comment = pasta de backups
> > path = /home/backups
> > writeable = Yes
> > browseable = Yes
> > create mask = 666
> > directory mask = 770
> > #force group = @g
> > 
> > [biblioteca]
> > comment = pasta da biblioteca
> > path = /home/biblioteca
> > writeable = Yes
> > browseable = Yes
> > create mask = 666
> > directory mask = 777
> > #force group = @f
> > 
> > [desenvolvimento]
> > comment = pasta do devel team
> > path = /home/desenvolvimento
> > writeable = Yes
> > browseable = Yes
> > create mask = 660
> > directory mask = 770
> > #force group = @h
> > 
> > [publico]
> > comment = pasta publica
> > path = /home/publico
> > writeable = Yes
> > browseable = Yes
> > create mask = 666
> > directory mask = 777
> > #force group = @f
> > 
> > 
>

More information about the samba mailing list