[Samba] group and user permissions issue.

Aden, Steve saden at itscommunications.com
Tue Jun 22 18:39:20 GMT 2004

	You appear to be incorrectly using the "force user" parameter.

>From the smb.conf documentation:

force user (S)
This specifies a UNIX user name that will be assigned as the default
user for all users connecting to this service. This is useful for
sharing files. You should also use it carefully as using it incorrectly
can cause security problems.

This user name only gets used once a connection is established. Thus
clients still need to connect as a valid user and supply a valid
password. Once connected, all file operations will be performed as the
"forced user", no matter what username the client connected as. This can
be very useful.

This clearly explains the results you have achieved.


Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS

-----Original Message-----
From: Ian Warburton [mailto:samba at irax.com] 
Sent: Tuesday, June 22, 2004 1:37 PM
To: samba at lists.samba.org
Subject: [Samba] group and user permissions issue.

I have browsed through loads of archive material and cant seem to find
anywhere where this exact issue has been posted.

 am using samba 2.28 set up as an NT domain, there are no problems with
the general configuration. My issue is witb samba not following the
permissons I have set on files in a shared directory.
Purpose: set up a directory for students and teachers where students can
leave files and only edit their own files, teachers can edit all files.

unix permissions for files are like this
-rwxrw----    1 student1 teachers        6 Jun 22 18:22 S1.txt*
-rwxrw----    1 student3 teachers       17 Jun 22 18:21 S3.txt*
-rwxrw----    1 student3 teachers        8 Jun 22 18:21 student3.txt*

therefore students can edit their own files and teachers in the group
teachers can also edit the files.

I create a share in samba ie:

        user = %U
        path = /home/Give_work_in
        create mode = 750
        write list = %U
        only user = yes
        force group = teachers

this works however students using this share can edit each others files.

if I set the permissions to :

-rwxr-----    1 student1 teachers        2 Jun 22 16:34 S1.txt*
-rwxr-----    1 student3 teachers        8 Jun 22 17:12 S3.txt*
-rwxr-----    1 student3 teachers        0 Jun 22 15:39 student3.txt*

then students can edit their own files and no one elses, but the
group can't  edit them either ie chmod g+w  seems to mean that samba
group access to the students as well as the teachers, when only the
teachers should have access.

I am at a loss to explain this behaviour.


To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

This message was content-scanned by IXC Shield 
Powered by GatewayDefender - BG0b1bd641.00000001.mml

More information about the samba mailing list