[Samba] Inherit permissions question (Please help)

David Wilson dave at dcdata.co.za
Thu Jan 27 08:39:56 GMT 2005


Hi Thomas,

Thank you for your reply and for the information and ideas.

I think your option would work ok, but as you said a bit hairy with a lot of 
users. :) We have about 700 users that we are running off this Samba box so 
it would be a bit of a mission to keep maintained.

Mmmmm... I wonder what else I could try ?
Perhaps it would easier if I configure ACL support and just set the 
permissions manually each time a new file is copied to the users' areas by a 
Domain Admin ?


Kindest regards
David Wilson
_______________________________
D c D a t a
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
http://www.dcdata.co.za
support at dcdata.co.za
Powered by Linux, driven by passion !
_______________________________

"Computers are not intelligent. They only think they are."

----- Original Message ----- 
From: "Thomas Reiss" <thomas at mypoint.franken.de>
To: "David Wilson" <dave at dcdata.co.za>
Sent: Wednesday, January 26, 2005 7:42 PM
Subject: Re: [Samba] Inherit permissions question (Please help)


> Hallo David Wilson,
>
>> Hi Thomas,
>>
>> Thank you for your reply and the information.
>> Will the "s"-Bit cause all new files that are written by a "Domain Admin"
>> to the user1/ folder to be owned by "user1" ?
>
> No, cause only that the Group was always "Domain Admin".
>
>>
>> My problem is that "Domain Admins" can write to users' folders in the
>> [userprofile] share but then the respective user who owns the folder 
>> can't
>> access the new data in it.
>> The "inherit permisions" would solve my problem except that it does not
>> allow user/group ownership to be passed down onto files.
>> Any ideas ? :)
>
> hmm, can you set the "s"-Bit on the UID with chmod u+s user1/ ?
> Ok it make a test....hmm seems not funktional.
>
> I see in the Section of "inherit permissions" in "man smb.conf":
> ------------------------
> Note that the setuid bit is never set via inheritance (the  code
>               explicitly prohibits this)
> -----------------------
>
> Hmmm...i think the only way is to make a group "user1" and add the
> respective "Admin"-User to this Group and set the Permission to 770 and
> the Group to "user1-Group" of user1/ Folder.
> Additional add the "s"-bit to the Group and set "inherit permissions =
> yes" in smb.conf.
>
> But, this would be hairy on 2000 Users....
>
> Greetings
> Thomas
>
> 



More information about the samba mailing list