of course, i have thought about this, but it would be unfortunate to loose the file owner information. i would think that thre would be a more adequate way to handle such situation
----- Original Message ----- From: "James Kosin" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, January 06, 2003 11:01 PM Subject: RE: [Samba] replacing a w2k machine with samba 2.2.7a > Alex, > > Hi... > The way I got around this was to create a share and use the "force user" and > "force group" options on the share. This makes everyone that can login to > the share have owner access to all files. This should solve your problems > and allow everyone to change RW options on the files. > > I used nobody as the owner and group! Just for security reasons, I don't > like using root for this. > > Thanks, > James Kosin > > Original Message > --------------------------- > Message: 3 > From: "Alex Kramarov" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Date: Mon, 6 Jan 2003 19:10:48 +0200 > Subject: [Samba] replacing a w2k machine with samba 2.2.7a > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0005_01C2B5B7.5276B870 > Content-Type: text/plain; > charset="windows-1255" > Content-Transfer-Encoding: quoted-printable > > Hi. > > First, i would like to thank samba developers for producing such a good = > product. Second, i have a few questions/remarks : > > I have recently replaced a w2k file server running in w2k domain (native = > mode) with samba 2.2.7a on RH 7.3 with the latest kernel, no acl, = > configured winbind, and ran into the problem described here : > > http://lists.samba.org/pipermail/samba-technical/2001-October/032017.html= > > > it would be helpful if this info made it's way into the winbind.html at = > the doc directory of the samba distribution - i waisted an hour tracking = > it down, and other people may just give up on it before finding the = > solution. > > After configuring everything, my samba server is running for 2 weeks = > already , without any major problems. i have a few minor problems though = > : > > generally, this server holds a few shares for several different groups = > in my organization. each share is writable for members of that group, = > and readable for the rest. this is accomplished by the following setup = > (a sniplet from my smb.conf regargding the "_creative" share): > > [global] > workgroup =3D MyOrg > winbind separator =3D + > winbind uid =3D 10000-20000 > winbind gid =3D 10000-20000 > winbind enum users =3D yes > winbind enum groups =3D yes > template homedir =3D /mnt/usersdata/_users/%U > security =3D domain > encrypt passwords =3D yes > dos filemode =3D yes > # security mask =3D 0000 > [_Creative] > comment =3D Creative division > path =3D /mnt/gendata/_creative > read only =3D no > create mode =3D 664 > directory mode =3D 775 > force security mode =3D 664 > force group =3D +MyOrg+Creative > write list =3D @MyOrg+Creative > > all files written to the share are mode 664, and directories are 775 .=20 > > There is a problem though, when an owner of the file sets the file read = > only, noone except him can remove the read only attribute, since the = > file becomes 444. i tried dos filemode - it's is not much help. is there = > a solution for this ? the problem is escalated by people copying many = > read only files into the share (like pictures from a cd), and other = > users can't remove the read only attribute. > > trying to solve the problem, i have tried to set "security mask =3D = > 0000" - but this was completely not helpful, setting files read only = > still worked. another problem was uncovered with this line - for some = > reason, people working in m$ work (yacccs) were not able to save their = > documents while working on the samba share - for some reason suring the = > save operation the file got the 000 permission, and of course nother = > else could be done with the file until i fixed the problem by chmod 664 = > of the file.=20 > > nt has the option to grans write control to a share, and full control. i = > would really like to make these shares only write accessible, and all = > attribute shanges would not be propagated tothe files themselvs - i = > don't mind that a person will not be able to set a file read only. all i = > want is for all my files to have the permission i set in createmode, = > whatever the user tries to do to it.=20 > > I have read the entire smb.conf documentation, and didn't find anything = > that could help me. am i missing something ? am i looking at is from the = > wrong direction ? > > right now the only solution i have is a cron job ran daily that runs = > find on all shared directories and changes permissions of all files to = > the default, and of course, this is not much of a solution... > > addition question i have is as follows : i want to provide a group of my = > users with a home directory, but not all of them - some users are = > administrative users only, and they don't need home dirs. i have started = > with something like this : > > [homes] > comment =3D Home Directories > path =3D /mnt/usersdata/_users/%S > browseable =3D no > writable =3D yes > valid users =3D MyOrg+alex MyOrg+alon MyOrg+ariela=20 > create mode =3D 0644 > directory mode =3D 0755 > > and these users get their directories fine, but these users who are not = > in valid users (and i don't want to provide them with home directories) = > still see a share of a home directory on that server (of course they = > can't connect to it, since it does't exist on the HD). what better way = > to do this ? > > Thank you. > > Alex. > > ------------------------------------------ > End of Original Message > > ---- > James Kosin <[EMAIL PROTECTED]> > > International Communications Group, Inc. > 200 Enterprise Drive > Newport News, VA 23603-1300 > -- United States of America -- > > Voice: +1 (757) 947-1030 x122 > Fax: +1 (757) 947-1035 > > ---- > "Walking on water and developing software to specification > are easy as long as both are frozen" - Edward V. Berard. > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > . -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
