[Samba] group and user permissions issue.

Ian Warburton samba at irax.com
Wed Jun 23 12:14:06 GMT 2004 

I thought I had this sorted, However there is still a problem - Force
group greated the file with the group I required but also gave everyone
logging onto the share group access rights. If I take away the force group
then the group is set to the user primary group. and the teachers group
can't read the file.  what I require is for the group to be set to
teachers on file creation with no other implications. (if i use force
group +teachers then the force only occurs if the logon user is a member
of teachers , no use either)

Ian



> Thanks Steve
>
>
> I had clearly misunderstood the scope of force user. ( actually, it was
> force group ) but the principle is still the same.
>
> Tha ctual solution was to remove the line force group = teachers the
> rights then followed as expected.
>
> Ian
>
>
>
>
>
>
>> Ian,
>> 	You appear to be incorrectly using the "force user" parameter.
>>
>> From the smb.conf documentation:
>>
>> force user (S)
>> This specifies a UNIX user name that will be assigned as the default
>> user for all users connecting to this service. This is useful for
>> sharing files. You should also use it carefully as using it
>> incorrectly can cause security problems.
>>
>> This user name only gets used once a connection is established. Thus
>> clients still need to connect as a valid user and supply a valid
>> password. Once connected, all file operations will be performed as the
>> "forced user", no matter what username the client connected as. This
>> can be very useful.
>>
>>
>> This clearly explains the results you have achieved.
>>
>> Steve
>>
>>
>> Privileged/Confidential Information may be contained in this message.
>> If you are not the addressee indicated in this message (or responsible
>> for delivery of the message to such person), you may not copy or
>> deliver this message to anyone. In such case, you should destroy this
>> message and kindly notify the sender by reply email. Opinions,
>> conclusions and other information contained in this message that do
>> not relate to official business shall be understood as neither given
>> nor endorsed by ITS
>>
>> -----Original Message-----
>> From: Ian Warburton [mailto:samba at irax.com]
>> Sent: Tuesday, June 22, 2004 1:37 PM
>> To: samba at lists.samba.org
>> Subject: [Samba] group and user permissions issue.
>>
>>
>> I have browsed through loads of archive material and cant seem to find
>> anywhere where this exact issue has been posted.
>>
>>  am using samba 2.28 set up as an NT domain, there are no problems
>> with
>> the general configuration. My issue is witb samba not following the
>> permissons I have set on files in a shared directory.
>> Purpose: set up a directory for students and teachers where students
>> can leave files and only edit their own files, teachers can edit all
>> files.
>>
>> unix permissions for files are like this
>> -rwxrw----    1 student1 teachers        6 Jun 22 18:22 S1.txt*
>> -rwxrw----    1 student3 teachers       17 Jun 22 18:21 S3.txt*
>> -rwxrw----    1 student3 teachers        8 Jun 22 18:21 student3.txt*
>>
>> therefore students can edit their own files and teachers in the group
>> teachers can also edit the files.
>>
>>
>> I create a share in samba ie:
>>
>> [Student_GiveWorkIn]
>>         user = %U
>>         path = /home/Give_work_in
>>         create mode = 750
>>         write list = %U
>>         only user = yes
>>         force group = teachers
>>
>> this works however students using this share can edit each others
>> files.
>>
>> if I set the permissions to :
>>
>> -rwxr-----    1 student1 teachers        2 Jun 22 16:34 S1.txt*
>> -rwxr-----    1 student3 teachers        8 Jun 22 17:12 S3.txt*
>> -rwxr-----    1 student3 teachers        0 Jun 22 15:39 student3.txt*
>>
>> then students can edit their own files and no one elses, but the
>> teachers
>> group can't  edit them either ie chmod g+w  seems to mean that samba
>> gives
>> group access to the students as well as the teachers, when only the
>> teachers should have access.
>>
>> I am at a loss to explain this behaviour.
>>
>> Ian
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  http://lists.samba.org/mailman/listinfo/samba
>>
>> _____________________________________________________
>> This message was content-scanned by IXC Shield
>> Powered by GatewayDefender - BG0b1bd641.00000001.mml
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list