[Samba] force group problem/question

John H Terpstra jht at samba.org
Sat Mar 5 15:28:07 GMT 2005


On Saturday 05 March 2005 02:44, Sutto Zoltan wrote:
>     Hi!
>
>     I have a problem using force group option.
>
>     [docs]
>             comment = Docs share
>             path = /samba/docs
>             valid users = @info
>             force user = samba
>             force group = info
>             read only = No
>             force create mode = 0770
>             force directory mode = 0775
>
> Permissions:
>     chown samba:info /samba/docs
>     chmod 770 /samba/docs
>
> Groups and their members:
>         info:x:502:user1,user2,user3
>         support:x:504:user2
>
>     user2 primary group is support
>     user1 primary group is info
>
> When a user(s) whose primary group is SUPPORT  creates or modifies files in
> DOCS share
> the owner of these will change to group SUPPORT.
> In this case user(s) in INFO group cannot access these files.
>
> Why the group owner changes even using force group?
> I tried using force group = +info   too. It did not work.

Have you read the official samba documentation? The Samba-HOWTO-Collection has 
an entire chapter that is dedicated to explanation of how file, directory and 
share access permissions operate.

Check: http://www.samba.org/samba/docs/Samba-HOWTO-Collection

What you want does not require the nuclear strong-arm tactics you have 
attempted in the [docs] stanza, but can be achieved simply by setting the 
SGID bit on the /samba/docs directory, setting the group ownership of that 
same directory to the group who should own the files within it, and then 
setting the group read and write permission as you require.

eg: chown samba.info /samba/docs
      chmod u=rwx,g=rwxs,o-rwx /samba/docs

A stanza that can be used is:

[docs]
	path = /samba/docs
	read only = no
; The following is better handled by setting a share level ACL so that
; only the group 'info' can access the share. That has lower CPU overhead
; but if you do not set a share ACL the 'valid users' parameter comes in handy
	valid users = @info 

- John T.

>
>
>  How can I avoid group owner modifications?
>
>
>  Any help would be appreciated.
>
>
>  Zoltan Sutto

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
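
The setgid layout recommended in the reply above, as an added example that is not part of the original thread: a POSIX shell audit that reports directories missing the SGID bit, entries whose group has drifted, and entries open to "other", plus a repair function. The function names `audit_share` and `fix_share` and the file name `audit.sh` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. GROUP is a name or numeric gid.

# audit_share DIR GROUP: print findings; return 0 if clean, 1 otherwise.
audit_share() {
    dir=$1
    group=$2
    findings=$(
        # Directories without setgid: files created in them take the
        # creating user's primary group, not the directory's group.
        find "$dir" -type d ! -perm -2000 -print | sed 's/^/no-setgid    /'
        # Entries whose group has already drifted away from GROUP.
        find "$dir" ! -group "$group" -print | sed 's/^/wrong-group  /'
        # Entries that grant any access to "other" (the reply sets o-rwx).
        find "$dir" \( -perm -001 -o -perm -002 -o -perm -004 \) -print |
            sed 's/^/other-access /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# fix_share DIR GROUP: apply the layout from the reply to an existing tree.
# Group read/write bits are left alone; set those as you require.
fix_share() {
    dir=$1
    group=$2
    chgrp -R "$group" "$dir" &&
        chmod -R o-rwx "$dir" &&
        find "$dir" -type d -exec chmod g+s {} +
}

# Run as: sh audit.sh /samba/docs info
if [ "$#" -eq 2 ]; then
    audit_share "$1" "$2"
fi
```

The non-zero exit status on findings makes the audit usable from cron or a monitoring check on the share path.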

