[Samba] Newbie question - force file permission to user's secondary groups.

Conta Falsa 337 contafalsa337 at gmail.com
Mon May 18 11:24:07 GMT 2009


I read http://us1.samba.org/samba/docs/man/manpages-3/smb.conf.5.html, the
part regarding the "group" or "force group" directive, and it's not clear to me
if I can have more than one instance of this directive, since I need the
group to be forced depending on which share the user is creating the file in.

 An example:

  user: james
  first share: projectX (he is a member of the group projectX)
  second share: projectY (he is a member of the group projectY)

 James is a member of both groups. Since I don't use a PDC (Vista clients),
the first time the user tries to access the shared folder, he will be asked
for the password. Say he first opens /projectX, then he will be forced to
group projectX, but what if he opens projectY and tries to write there?

  - Is it possible to have "force group" on the shares section, so each
share has one?
  - Will the user be asked for the password again, if he opens the second
share (without rebooting Windows)? Will the "change" of the primary group
happen transparently, or would the user have to disconnect, and then open
/projectY (therefore having to type his username/password again)?


 Thanks for your time.



2009/5/15 Liutauras Adomaitis <liutauras.adomaitis at gmail.com>

> On Fri, May 15, 2009 at 4:27 PM, Conta Falsa 337
> <contafalsa337 at gmail.com> wrote:
> > samba version is 3.0.28a-1ubuntu4.7
> > --
> >
> > I created users on both samba and the linux system, and created 3 groups
> > on the system. Each of these groups owns a specific directory, the
> > directory on the filesystem belongs to root.groupfoo. On my smb.conf I
> > gave each of these groups write access to its directory (@groupfoo to the
> > share /groupfoo). So now every linux user belonging to groupfoo can write
> > there. The problem is, groupfoo is not the user's primary group, so the
> > file is created with permission user1.user1, and not user1.groupfoo,
> > therefore, other users belonging to groupfoo cannot edit or delete that
> > file. I read smb.conf manual, but found no option to enforce that if the
> > top directory belongs to root.groupfoo all files created under there will
> > belong to "userxyz.groupfoo", so I set on the filesystem each of those 3
> > directories to be setgid, so now every file created under, say, /groupbar
> > (belongs to root.groupbar), has this permission: userabc.groupbar. I would
> > like that the file/directory created belongs to the user executing the
> > operation, and to the toplevel group owning that share, since a user can
> > belong to 2 or all of those 3 groups mentioned, knowing that every user
> > does not have any of those 3 groups as primary group.
> >
> > Is this the right approach or did I misunderstand the manual and I should
> > do this only on smb.conf and not have to enforce it on the filesystem?
> >
>
> Sounds to me this is a force group directive which should take care of
> this.
>
> Liutauras
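Added example, not part of the original thread: an smb.conf sketch of the per-share layout asked about above. smb.conf(5) lists "force group" as a share-level (S) parameter, so each share section can carry its own; the share paths and the mask values below are assumptions.

```ini
# Added illustration. Paths and mode values are assumed, not from the thread.
# smb.conf does not support trailing comments, so every comment is on its own line.

[projectX]
    # Assumed path; directory owned by root:projectX on the filesystem
    path = /srv/samba/projectX
    # Only members of the Unix group projectX may connect to this share
    valid users = @projectX
    read only = no
    # Primary group used for file operations on THIS share only.
    # The "+" prefix applies it only if the user is already a member.
    force group = +projectX
    # New files: at most rw for owner and group, and always at least that
    create mask = 0660
    force create mode = 0660
    # New directories: rwx for owner and group, nothing for others.
    # The setgid bit (2xxx) keeps group ownership consistent for files
    # created locally, outside Samba, as described in the quoted message.
    directory mask = 2770
    force directory mode = 2770

[projectY]
    # Assumed path; directory owned by root:projectY on the filesystem
    path = /srv/samba/projectY
    valid users = @projectY
    read only = no
    # Same user, different share, different forced group
    force group = +projectY
    create mask = 0660
    force create mode = 0660
    directory mask = 2770
    force directory mode = 2770
```

Running `testparm -s` after editing confirms the file parses and prints the effective per-share settings.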

