[Samba] directory permissions

Diego Julian Remolina dijuremo at math.gatech.edu
Sat May 14 01:13:08 GMT 2005


Please note that permissions changes on unix systems do not inmediately work
through samba if the user is already logged on.  Sometimes you need to
change the permissions in you unix system, then on the samba client log off,
and log back in so that the permissions are effective.  I have observed this
behaviour on RHEL4 with samba-3.0.10-1.4E.  It may be also necessary to have
mapped the groups prior to the client logging in (have not tested this).

Make sure that the user logged in is literally part of the group "users".  I
saw a problem where my account had the default group set to 513 (when I
created it in ldap) which is my "users" group and I called it "ibb", but the
permissions did not work until after I added my account explicitly to that
group in ldap (or in /etc/groups if you are not using the ldap backend).

dn: cn=ibb,ou=Group,ou=Staff,dc=ibb,dc=gatech,dc=edu
objectClass: posixGroup
objectClass: top
objectClass: sambaGroupMapping
cn: ibb
gidNumber: 513
memberUid: dr126

The other solution will be to use ACLs.  This depends on the file system you
are using and mounting it with the appropriate options.  You will then set
the permissions with setfacl and check them with getfacl.

You can actually create a default creation mask that includes permissions
for several users which may be refined on a per user basis, making sure they
have write access.

[root at arwen home]# getfacl gtecstudent
# file: gtecstudent
# owner: root
# group: gtecstudent
user::rwx
user:dr126:rwx
user:dg36:rwx
user:pm11:rwx
user:ss458:rwx
group::rwx
group:gtecstudent:rwx
mask::rwx
other::---
default:user::rwx
default:user:dr126:rwx
default:user:dg36:rwx
default:user:pm11:rwx
default:user:ss458:rwx
default:user:sg184:rwx
default:group::rwx
default:group:gtecstudent:rwx
default:mask::rwx
default:other::---

When you look at this permissions on a windows xp client, then you actually
see the per user permissions.  It is really cool.

Here is the link with an excellent explanation on using ACLs and examples:

http://www.vanemery.com/Linux/ACL/linux-acl.html

HTH,

Diego


-----Original Message-----
From: samba-bounces+dijuremo=math.gatech.edu at lists.samba.org
[mailto:samba-bounces+dijuremo=math.gatech.edu at lists.samba.org] On Behalf Of
Aubrey King
Sent: Friday, May 13, 2005 5:39 PM
To: samba at lists.samba.org
Subject: [Samba] directory permissions


I have just finished replacing a client's Windows / Exchange / IIS setup 
here with Samba / [Postfix, UW Imap] / Apache and I've run into an issue.  
In this setup, Samba acts as PDC, so there are NO WINDOWS SERVERS - only 
win clients.  One of the apps that they run seems to explicitly require 
that the user own the folder that they are saving to.  In their prior 
setup, this was easy, as you could set the directory owner to the users 
group in the domain and everything was happy.  Even though I did this:

net groupmap modify ntgroup="Domain Users" unixgroup=users

I still cannot set users as the owner.  i even created a user called users 
and tried to fake it, but no dice. 

Ideas?

-Aubrey King
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba




More information about the samba mailing list