[Samba] inherit group on new files/directories
Andrew Masterson
Andrew.Masterson at nuvistaenergy.com
Tue Mar 10 21:11:25 GMT 2009
chmod g+s <dirname>
> -----Original Message-----
> From: samba-bounces+andrew.masterson=nuvistaenergy.com at lists.samba.org
> [mailto:samba-bounces+andrew.masterson=nuvistaenergy.com at lists.samba.org] On
> Behalf Of Lluís Forns
> Sent: Tuesday, March 10, 2009 5:22 AM
> To: samba at lists.samba.org
> Subject: [Samba] inherit group on new files/directories
>
> I have a share with folders belonging to diferent groups, with
> restricted access depending on unix groups.
> When a user creates a file inside one of this folders I want it created
> with "directory group"; I think it should be possible using "inherit
> acl" but it don't work; my share configuration is:
>
> [arees2]
> path = /home/samba/arees
> valid users = @users
> admin users = root
> read only = No
> create mask = 0770
> directory mask = 0770
> inherit permissions = Yes
> inherit acls = Yes
> inherit owner = Yes
>
> My share files are:
> drwxrwx--- 4 root disseny 4096 2009-03-09 12:45 disseny
> drwxrwx--- 40 root informatica 4096 2009-03-10 10:30 Informatica
> drwxrwx--- 14 root users 4096 2009-03-10 09:19 Plantilles
> drwxrwx--- 7 root relacions 4096 2008-11-19 18:06 Relacions
> drwxrwx--- 17 root secretaria 4096 2009-02-24 19:25 Secretaria
> drwxrwx--- 2 root informatica 4096 2009-03-02 13:07 Web
>
>
> Any hint?
>
> Just in case it is useful, my full smb.conf as "tesparm -v" is:
>
> [global]
> dos charset = CP850
> unix charset = UTF-8
> display charset = LOCALE
> workgroup = MEGOSG
> realm =
> netbios name = MEGSERVER
> netbios aliases =
> netbios scope =
> server string = %h (sevidor de fitxers)
> interfaces =
> bind interfaces only = No
> security = USER
> auth methods =
> encrypt passwords = Yes
> update encrypted = No
> client schannel = Auto
> server schannel = Auto
> allow trusted domains = Yes
> map to guest = Bad User
> null passwords = No
> obey pam restrictions = Yes
> password server = *
> smb passwd file = /etc/samba/smbpasswd
> private dir = /etc/samba
> passdb backend = tdbsam
> algorithmic rid base = 1000
> root directory =
> guest account = nobody
> enable privileges = Yes
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> passwd chat debug = No
> passwd chat timeout = 2
> check password script =
> username map =
> password level = 0
> username level = 0
> unix password sync = Yes
> restrict anonymous = 0
> lanman auth = No
> ntlm auth = Yes
> client NTLMv2 auth = No
> client lanman auth = Yes
> client plaintext auth = No
> preload modules =
> use kerberos keytab = No
> log level = 3
> syslog = 0
> syslog only = No
> log file = /var/log/samba/log.%m
> max log size = 1000
> debug timestamp = Yes
> debug prefix timestamp = No
> debug hires timestamp = No
> debug pid = No
> debug uid = No
> enable core files = Yes
> smb ports = 445 139
> large readwrite = Yes
> max protocol = NT1
> min protocol = CORE
> read bmpx = No
> read raw = Yes
> write raw = Yes
> disable netbios = No
> reset on zero vc = No
> acl compatibility = auto
> defer sharing violations = Yes
> nt pipe support = Yes
> nt status support = Yes
> announce version = 4.9
> announce as = NT
> max mux = 50
> max xmit = 16644
> name resolve order = lmhosts host wins bcast
> max ttl = 259200
> max wins ttl = 518400
> min wins ttl = 21600
> time server = No
> unix extensions = Yes
> use spnego = Yes
> client signing = auto
> server signing = No
> client use spnego = Yes
> enable asu support = No
> svcctl list =
> deadtime = 0
> getwd cache = Yes
> keepalive = 300
> lpq cache time = 30
> max smbd processes = 0
> paranoid server security = Yes
> max disk size = 0
> max open files = 10000
> open files database hash size = 10007
> socket options = TCP_NODELAY
> use mmap = Yes
> hostname lookups = No
> name cache timeout = 660
> load printers = Yes
> printcap cache time = 750
> printcap name = cups
> cups server =
> iprint server =
> disable spoolss = No
> addport command =
> enumports command =
> addprinter command =
> deleteprinter command =
> show add printer wizard = Yes
> os2 driver map =
> mangling method = hash2
> mangle prefix = 1
> max stat cache size = 1024
> stat cache = Yes
> machine password timeout = 604800
> add user script = /usr/sbin/adduser --quiet --disabled-password
> --gecos "" %u
> rename user script =
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/usermod -G %g %u
> delete user from group script =
> set primary group script =
> add machine script = /usr/sbin/useradd -s /bin/false/ -d
> /var/lib/nobody %u
> shutdown script =
> abort shutdown script =
> username map script =
> logon script = logon.cmd
> logon path = \\%L\profiles\%U
> logon drive = Z:
> logon home = \\%N\%U
> domain logons = Yes
> os level = 20
> lm announce = Auto
> lm interval = 60
> preferred master = Yes
> local master = Yes
> domain master = Auto
> browse list = Yes
> enhanced browsing = Yes
> dns proxy = No
> wins proxy = No
> wins server =
> wins support = No
> wins hook =
> kernel oplocks = Yes
> lock spin time = 200
> oplock break wait time = 0
> ldap admin dn =
> ldap delete dn = No
> ldap group suffix =
> ldap idmap suffix =
> ldap machine suffix =
> ldap passwd sync = no
> ldap replication sleep = 1000
> ldap suffix =
> ldap ssl =
> ldap timeout = 15
> ldap page size = 1024
> ldap user suffix =
> ldap debug level = 0
> ldap debug threshold = 10
> add share command =
> change share command =
> delete share command =
> eventlog list =
> config file =
> preload =
> lock directory =
> pid directory = /var/run/samba
> utmp directory =
> wtmp directory =
> utmp = No
> default service =
> message command =
> get quota command =
> set quota command =
> remote announce =
> remote browse sync =
> socket address = 0.0.0.0
> homedir map = auto.home
> afs username map =
> afs token lifetime = 604800
> log nt token command =
> time offset = 0
> NIS homedir = No
> usershare allow guests = Yes
> usershare max shares = 100
> usershare owner only = Yes
> usershare path = /var/lib/samba/usershares
> usershare prefix allow list =
> usershare prefix deny list =
> usershare template share =
> panic action = /usr/share/samba/panic-action %d
> host msdfs = No
> passdb expand explicit = No
> idmap domains =
> idmap backend =
> idmap alloc backend =
> idmap cache time = 900
> idmap negative cache time = 120
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template homedir = /home/%D/%U
> template shell = /bin/bash
> winbind separator = \
> winbind cache time = 300
> winbind enum users = No
> winbind enum groups = No
> winbind use default domain = No
> winbind trusted domains only = No
> winbind nested groups = Yes
> winbind nss info = template
> winbind refresh tickets = No
> winbind offline logon = No
> winbind normalize names = No
> comment =
> path =
> username =
> invalid users =
> valid users =
> admin users = @admin, @sistemes
> read list =
> write list =
> printer admin =
> force user =
> force group =
> read only = Yes
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> create mask = 0744
> force create mode = 00
> security mask = 0777
> force security mode = 00
> directory mask = 0755
> force directory mode = 00
> directory security mask = 0777
> force directory security mode = 00
> force unknown acl user = No
> inherit permissions = No
> inherit acls = No
> inherit owner = No
> guest only = No
> administrative share = No
> guest ok = No
> only user = No
> hosts allow =
> hosts deny =
> allocation roundup size = 1048576
> aio read size = 0
> aio write size = 0
> aio write behind =
> ea support = No
> nt acl support = Yes
> profile acls = No
> map acl inherit = No
> afs share = No
> block size = 1024
> change notify = Yes
> directory name cache size = 100
> kernel change notify = Yes
> max connections = 0
> min print space = 0
> strict allocate = No
> strict sync = No
> sync always = No
> use sendfile = No
> write cache size = 0
> max reported print jobs = 0
> max print jobs = 1000
> printable = No
> printing = cups
> cups options =
> print command =
> lpq command = %p
> lprm command =
> lppause command =
> lpresume command =
> queuepause command =
> queueresume command =
> printer name =
> use client driver = No
> default devmode = Yes
> force printername = No
> printjob username = %U
> default case = lower
> case sensitive = Auto
> preserve case = Yes
> short preserve case = Yes
> mangling char = ~
> hide dot files = Yes
> hide special files = No
> hide unreadable = Yes
> hide unwriteable files = No
> delete veto files = No
> veto files =
> hide files =
> veto oplock files =
> map archive = Yes
> map hidden = No
> map system = No
> map readonly = yes
> mangled names = Yes
> mangled map =
> store dos attributes = No
> dmapi support = No
> browseable = Yes
> blocking locks = Yes
> csc policy = manual
> fake oplocks = No
> locking = Yes
> oplocks = Yes
> level2 oplocks = Yes
> oplock contention limit = 2
> posix locking = Yes
> strict locking = Auto
> share modes = Yes
> dfree cache time = 0
> dfree command =
> copy =
> include =
> preexec =
> preexec close = No
> postexec =
> root preexec =
> root preexec close = No
> root postexec =
> available = Yes
> volume =
> fstype = NTFS
> set directory = No
> wide links = Yes
> follow symlinks = Yes
> dont descend =
> magic script =
> magic output =
> delete readonly = No
> dos filemode = No
> dos filetimes = Yes
> dos filetime resolution = No
> fake directory create times = No
> vfs objects =
> msdfs root = No
> msdfs proxy =
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> create mask = 0700
> directory mask = 0700
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> valid users = %U
> admin users = root
> guest ok = Yes
> share modes = No
>
> [profiles]
> comment = Users profiles
> path = /home/samba/profiles
> valid users = %U, %S, @users
> read only = No
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> create mask = 0700
> printable = Yes
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
>
> [sistema]
> path = /
> valid users = root, @sistemes
> admin users = root, @sistemes
> force user = root
> force group = root
> read only = No
>
> [arees2]
> path = /home/samba/arees
> valid users = @users
> admin users = root
> read only = No
> create mask = 0770
> directory mask = 0770
> inherit permissions = Yes
> inherit acls = Yes
> inherit owner = Yes
>
>
> --
>
>
> <http://www.escoltesiguies.cat>*Lluís Forns - Tècnic Informàtic *
> *Servei d'Informàtica*
>
> *Minyons Escoltes i Guies de Catalunya (MEG)*
> *Telèfon:* 93 590 27 00
> *Fax:* 93 590 04 92
> *www.escoltesiguies.cat*
>
> No m'imprimeixis si no és necessari. Protegim el medi ambient.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list