Prezados colegas,
Tenho um samba+ldap configurado da seguinte forma:
O que acontece é o seguinte:
Há um compartilhamento
2422465 8 drwxrwx--- 8 user1 group1 4096 Feb 9 15:21 dir1
umask 022
dir1
|
|__subdir1
| |
| |____subdir1-1
| |
| |____subdir1-2
|
|__subdir2
As permissões do dir1 são user1.group1 ( 770 ) recursivamente
No entanto o primary group do user1 é o group2 mas ele por sua vez também é
membro do group1
Para que o user1 grave arquivos nesse compartilhamento e esse arquivo criado
mantenha as permissões do dir1, ou seja, o group owner do arquivo criado ,
respeite as permissões do diretório pai, o que eu devo fazer?
smb.conf:
# Global parameters
[global]
workgroup = SARGAS
netbios name = server
security = user
enable privileges = yes
interfaces = 192.168.0.2
#username map = /etc/samba/smbusers
server string = Servidor de Arquivos - Samba %v
#security = ads
encrypt passwords = Yes
#min passwd length = 4
#pam password change = no
#obey pam restrictions = No
ldap passwd sync = Yes
unix password sync = no
passwd program = /usr/local/samba/smbldap-tools/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
new password*" %n\n"
#passwd chat debug = Yes
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home = /home/%g
logon path =
domain logons = Yes
domain master = Yes
inherit permissions=yes
os level = 65
preferred master = Yes
wins support = yes
passdb backend = ldapsam:ldap://192.168.0.1/
ldap admin dn = cn=Manager,dc=sargas,dc=com,dc=br
ldap suffix = dc=sargas,dc=com,dc=br
ldap group suffix = ou=grupos
ldap user suffix = ou=contas
ldap machine suffix = ou=micros
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://192.168.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g'
'%u'
# printers configuration
printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile
folders:
preserve case = yes
short preserve case = yes
case sensitive = no
#============================ Share Definitions
==============================
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
vfs objects = audit recycle
recycle: repository = .lixeira
recycle: keeptree=True
recycle: versions=True
recycle: noversions = .doc|.xls|.ppt|.cdr
recycle: touch=True
recycle: exclude = *.tmp *.TMP *.temp *.o *.obj ~$* *.TMP
# vfs object = /usr/lib/samba/vfs/recycle.so
# vfs options = /etc/samba/recycle.conf
# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user
# Un-comment the following and create the netlogon directory for Domain
Logons
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
browseable = no
writable = no
share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
#[Profiles]
# path = /usr/local/samba/profiles
# browseable = yes
# guest ok = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = yes
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
[dir1]
recycle: repository = .lixeira
write list = @Consultores,@Administrativo,@Master
recycle: keeptree = True
force group = Consultores
vfs objects = audit recycle
browseable = no
writeable = yes
recycle: versions = False
path = /samba/Projetos_Atuais
directory mode = 0770
recycle:exclude = *.tmp *.TMP *.temp *.o *.obj ~$*
comment = Diretorio Projetos Atuais
valid users = @Consultores,@Administrativo,@Master
create mode = 000
recycle: touch = True
---------------------------------------------------------------------------
Esta lista é patrocinada pela Conectiva S.A. Visite http://www.conectiva.com.br
Arquivo: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br
Regras de utilização da lista: http://linux-br.conectiva.com.br
FAQ: http://www.zago.eti.br/menu.html
