[Samba] Access rights to a share

Martin Schmidt martin.schmidt at jielo.de
Mon Mar 14 07:08:51 GMT 2005


I have a share, to the MS-Office-files there only a special group has write 
access, for all others it's readonly.
I set directory mode 775 and file mode 664, force group to the groupname with 
write access, set readonly to "yes" and gave a writelist with my "authors 
group" and all worked fine.
Until I had some thinclients with citrix, trying to open the files in that 
They got the message there would be no more space left on the drive or memory 
is less, etc.
I suppose, MS-Word tries to create a temporary file just in the folder the 
original file exists, because, people in the "authors group" do not have that 
The "others" also do not have that problem, when they are not on a 
citrix-client. They use but the same MS-Office-Programm as on the citrix. 
I have searched a long while around, trying to find out where I could set the 
TEMP-directory, but all values I found point to the "C:" drive on the citrix.
So I changed the directory mask to 777, tested, no change, I set readonly to 
"no", everyone can open the files, but they are writeable to everyone. This 
cannot be accepted, there are critical datas only a few are permitted to 
Is there a way I can configure Linux/Samba to get "create" right's for 
everyone in the directroies, but readonly to a special group?

I use samba 3.01 on SuSE-Linux 8.1,

the section off the share in smb.conf:
        comment = Sammelmappen QS
        path = /share/Sammel
        browseable = yes
        read only = yes
        public = no
        create mode = 0664
        directory mode = 0777
        force group = QuS
        write list = @QuS , @edv
The global section smb.conf:
   workgroup = ghh
   guest account = nobody
   server string = hne4 - Dateien GHH
   use sendfile = no
   os level = 64
   kernel oplocks = no
   security = user
   hide dot files = yes
   domain master = yes
   prefered master = yes
   local master = yes
   dos charset = 850
   add user script = /usr/sbin/addsmbuser.sh %u
   add group script = /usr/sbin/smbgradd.sh %g
   add printer command = /usr/bin/addprinter.sh
   log level = 1
   log file = /usr/local/samba/var/samba.log.%m
   max log size = 50
   encrypt passwords = yes
   printing = LPRNG
   printcap name = /etc/printcap
   load printers =  yes
   printer admin = @ntadmin
   map to guest = Bad User
   interfaces =
   wins support = yes
   name resolve order = hosts wins bcast
   dns proxy = yes
   logon script =%U.bat
   domain logons = yes

kind regards 
Martin Schmidt

More information about the samba mailing list