[Samba] replacing a w2k machine with samba 2.2.7a

[Alex Kramarov]

Hi.   First, i would like to thank samba developers for producing such a good product. Second, i have a few questions/remarks :   I have recently replaced a w2k file server running in w2k domain (native mode) with samba 2.2.7a on RH 7.3 with the latest kernel, no acl, configured winbind, and ran into the problem described here :   http://lists.samba.org/pipermail/samba-technical/2001-October/032017.html   it would be helpful if this info made it's way into the winbind.html at the doc directory of the samba distribution - i waisted an hour tracking it down, and other people may just give up on it before finding the solution.   After configuring everything, my samba server is running for 2 weeks already , without any major problems. i have a few minor problems though :   generally, this server holds a few shares for several different groups in my organization. each share is writable for members of that group, and readable for the rest. this is accomplished by the following setup (a sniplet from my smb.conf regargding the "_creative" share):   [global]      workgroup = MyOrg      winbind separator = +      winbind uid = 10000-20000      winbind gid = 10000-20000      winbind enum users = yes      winbind enum groups = yes      template homedir = /mnt/usersdata/_users/%U      security = domain      encrypt passwords = yes      dos filemode = yes #     security mask = 0000 [_Creative]    comment = Creative division    path = /mnt/gendata/_creative    read only = no    create mode = 664    directory mode = 775    force security mode = 664    force group = +MyOrg+Creative    write list = @MyOrg+Creative   all files written to the share are mode 664, and directories are 775 .   There is a problem though, when an owner of the file sets the file read only, noone except him can remove the read only attribute, since the file becomes 444. i tried dos filemode - it's is not much help. is there a solution for this ? the problem is escalated by people copying many read only files into the share (like pictures from a cd), and other users can't remove the read only attribute.   trying to solve the problem, i have tried to set "security mask = 0000" - but this was completely not helpful, setting files read only still worked. another problem was uncovered with this line - for some reason, people working in m$ work (yacccs) were not able to save their documents while working on the samba share - for some reason suring the save operation the file got the 000 permission, and of course nother else could be done with the file until i fixed the problem by chmod 664 of the file.   nt has the option to grans write control to a share, and full control. i would really like to make these shares only write accessible, and all attribute shanges would not be propagated tothe files themselvs - i don't mind that a person will not be able to set a file read only. all i want is for all my files to have the permission i set in createmode, whatever the user tries to do to it.   I have read the entire smb.conf documentation, and didn't find anything that could help me. am i missing something ? am i looking at is from the wrong direction ?   right now the only solution i have is a cron job ran daily that runs find on all shared directories and changes permissions of all files to the default, and of course, this is not much of a solution...   addition question i have is as follows : i want to provide a group of my users with a home directory, but not all of them - some users are administrative users only, and they don't need home dirs. i have started with something like this :   [homes]    comment = Home Directories    path = /mnt/usersdata/_users/%S    browseable = no    writable = yes    valid users = MyOrg+alex MyOrg+alon MyOrg+ariela     create mode = 0644    directory mode = 0755   and these users get their directories fine, but these users who are not in valid users (and i don't want to provide them with home directories) still see a share of a home directory on that server (of course they can't connect to it, since it does't exist on the HD). what better way to do this ?   Thank you.   Alex.