[Samba] patch request - inherit owner
initiators at free.fr
Tue Nov 22 08:15:11 GMT 2005
Thomas Heiligenmann wrote:
> initiators at free.fr wrote:
>> For the ones who want the full details here it goes:
>>
>> We have one share per service (IT, R&D, commercial...).
>> In each service the following top level directories are created by
>> admin with the following rights, that can't be changed by users:
>> - archives : One directory per year, with a service private data and a
>> service public data directories, files not needed any more are archived
>> here at the beginning of each year. Same rights as below, with read
>> write access becoming read access.
>> - service stuff : Service stuff not submitted to our quality process.
>> Read write access for domain admins and service users.
>> - service private data : Service private data submitted to our quality
>> process. Read write access for domain admins and service users, read
>> access to quality service members.
>> - service public data : Service public data (to share with other
>> services) submitted to our quality process. Read write access for domain
>> admins and service users, read access to domain users.
>> - service templates : Service Office and other software documents
>> templates. Read write access for domain admins and the person
>> responsible for the templates update, read access to domain users.
>>
>> I've not found something better than what I exposed at the beginning.
>>
>> The problem with inherit owner not working for group owner is that any
>> newly created file belongs to the "Domain Users" (primary group for every
>> user, many users belong to more than one service) with inherited rwx
>> rights thus breaking access rights rules I want.
>>
>
> Why not define it explicitly in smb.conf? I'm happy with the following:
>
> [mygroupshare]
> comment = My Group
> path = /data/shares/mygroup
> writable = yes
> valid users = @mygroup @admins
> create mode = 0660
> directory mode = 0770
> force directory mode = 2000
> force group = mygroup
>
>
> Thomas
>
>
It's explained in the "details" part. There is one share per service,
but there are people who are not members of the service accessing the share.
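
An added example, not part of the original thread and not Samba code: a Python audit that walks a share tree and reports the condition discussed above, namely entries whose group differs from their parent directory's (files that fell to the creator's primary group), directories lacking the setgid bit that "force directory mode = 2000" sets, and any access for "other", which the quoted 0660/0770 modes never grant. The function names and the temporary demo tree are constructed for illustration.

```python
import os
import stat
import tempfile

def classify(parent_gid, child_gid, child_mode):
    """Return the issues for one entry, given its parent directory's gid."""
    issues = []
    if child_gid != parent_gid:
        issues.append("group-drift")          # e.g. owned by the primary group
    if stat.S_ISDIR(child_mode) and not child_mode & stat.S_ISGID:
        issues.append("dir-missing-setgid")   # new entries will not inherit the group
    if child_mode & stat.S_IRWXO:
        issues.append("world-access")         # 0660/0770 leave "other" empty
    return issues

def audit_share(root):
    """Walk root and return sorted (relative path, issue) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        parent_gid = os.stat(dirpath).st_gid
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                      # symlink modes are not meaningful
            for issue in classify(parent_gid, st.st_gid, st.st_mode):
                findings.append((os.path.relpath(path, root), issue))
    return sorted(findings)

def demo():
    """Build a constructed two-directory share and audit it."""
    with tempfile.TemporaryDirectory() as root:
        good = os.path.join(root, "private")
        os.mkdir(good)
        os.chmod(good, 0o2770)                # setgid: children inherit the group
        bad = os.path.join(root, "stuff")
        os.mkdir(bad)
        os.chmod(bad, 0o770)                  # no setgid: children get primary group
        report = os.path.join(good, "report.txt")
        open(report, "w").close()
        os.chmod(report, 0o660)
        return audit_share(root)

if __name__ == "__main__":
    for path, issue in demo():
        print(f"{issue:20} {path}")
```

Run against a real share path with `audit_share("/data/shares/mygroup")`; "group-drift" entries are the files the original poster describes ending up in "Domain Users".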