[Samba] Inherit permissions question (Please help)
dave at dcdata.co.za
Thu Jan 27 08:39:56 GMT 2005
Thank you for your reply and for the information and ideas.
I think your option would work ok, but as you said a bit hairy with a lot of
users. :) We have about 700 users that we are running off this Samba box so
it would be a bit of a mission to keep maintained.
Mmmmm... I wonder what else I could try ?
Perhaps it would easier if I configure ACL support and just set the
permissions manually each time a new file is copied to the users' areas by a
Domain Admin ?
D c D a t a
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
support at dcdata.co.za
Powered by Linux, driven by passion !
"Computers are not intelligent. They only think they are."
----- Original Message -----
From: "Thomas Reiss" <thomas at mypoint.franken.de>
To: "David Wilson" <dave at dcdata.co.za>
Sent: Wednesday, January 26, 2005 7:42 PM
Subject: Re: [Samba] Inherit permissions question (Please help)
> Hallo David Wilson,
>> Hi Thomas,
>> Thank you for your reply and the information.
>> Will the "s"-Bit cause all new files that are written by a "Domain Admin"
>> to the user1/ folder to be owned by "user1" ?
> No, cause only that the Group was always "Domain Admin".
>> My problem is that "Domain Admins" can write to users' folders in the
>> [userprofile] share but then the respective user who owns the folder
>> access the new data in it.
>> The "inherit permisions" would solve my problem except that it does not
>> allow user/group ownership to be passed down onto files.
>> Any ideas ? :)
> hmm, can you set the "s"-Bit on the UID with chmod u+s user1/ ?
> Ok it make a test....hmm seems not funktional.
> I see in the Section of "inherit permissions" in "man smb.conf":
> Note that the setuid bit is never set via inheritance (the code
> explicitly prohibits this)
> Hmmm...i think the only way is to make a group "user1" and add the
> respective "Admin"-User to this Group and set the Permission to 770 and
> the Group to "user1-Group" of user1/ Folder.
> Additional add the "s"-bit to the Group and set "inherit permissions =
> yes" in smb.conf.
> But, this would be hairy on 2000 Users....
More information about the samba