I thought I had this sorted, However there is still a problem - Force group greated the file with the group I required but also gave everyone logging onto the share group access rights. If I take away the force group then the group is set to the user primary group. and the teachers group can't read the file. what I require is for the group to be set to teachers on file creation with no other implications. (if i use force group +teachers then the force only occurs if the logon user is a member of teachers , no use either)
Ian > Thanks Steve > > > I had clearly misunderstood the scope of force user. ( actually, it was > force group ) but the principle is still the same. > > Tha ctual solution was to remove the line force group = teachers the > rights then followed as expected. > > Ian > > > > > > >> Ian, >> You appear to be incorrectly using the "force user" parameter. >> >> From the smb.conf documentation: >> >> force user (S) >> This specifies a UNIX user name that will be assigned as the default >> user for all users connecting to this service. This is useful for >> sharing files. You should also use it carefully as using it >> incorrectly can cause security problems. >> >> This user name only gets used once a connection is established. Thus >> clients still need to connect as a valid user and supply a valid >> password. Once connected, all file operations will be performed as the >> "forced user", no matter what username the client connected as. This >> can be very useful. >> >> >> This clearly explains the results you have achieved. >> >> Steve >> >> >> Privileged/Confidential Information may be contained in this message. >> If you are not the addressee indicated in this message (or responsible >> for delivery of the message to such person), you may not copy or >> deliver this message to anyone. In such case, you should destroy this >> message and kindly notify the sender by reply email. Opinions, >> conclusions and other information contained in this message that do >> not relate to official business shall be understood as neither given >> nor endorsed by ITS >> >> -----Original Message----- >> From: Ian Warburton [mailto:[EMAIL PROTECTED] >> Sent: Tuesday, June 22, 2004 1:37 PM >> To: [EMAIL PROTECTED] >> Subject: [Samba] group and user permissions issue. >> >> >> I have browsed through loads of archive material and cant seem to find >> anywhere where this exact issue has been posted. >> >> am using samba 2.28 set up as an NT domain, there are no problems >> with >> the general configuration. My issue is witb samba not following the >> permissons I have set on files in a shared directory. >> Purpose: set up a directory for students and teachers where students >> can leave files and only edit their own files, teachers can edit all >> files. >> >> unix permissions for files are like this >> -rwxrw---- 1 student1 teachers 6 Jun 22 18:22 S1.txt* >> -rwxrw---- 1 student3 teachers 17 Jun 22 18:21 S3.txt* >> -rwxrw---- 1 student3 teachers 8 Jun 22 18:21 student3.txt* >> >> therefore students can edit their own files and teachers in the group >> teachers can also edit the files. >> >> >> I create a share in samba ie: >> >> [Student_GiveWorkIn] >> user = %U >> path = /home/Give_work_in >> create mode = 750 >> write list = %U >> only user = yes >> force group = teachers >> >> this works however students using this share can edit each others >> files. >> >> if I set the permissions to : >> >> -rwxr----- 1 student1 teachers 2 Jun 22 16:34 S1.txt* >> -rwxr----- 1 student3 teachers 8 Jun 22 17:12 S3.txt* >> -rwxr----- 1 student3 teachers 0 Jun 22 15:39 student3.txt* >> >> then students can edit their own files and no one elses, but the >> teachers >> group can't edit them either ie chmod g+w seems to mean that samba >> gives >> group access to the students as well as the teachers, when only the >> teachers should have access. >> >> I am at a loss to explain this behaviour. >> >> Ian >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: http://lists.samba.org/mailman/listinfo/samba >> >> _____________________________________________________ >> This message was content-scanned by IXC Shield >> Powered by GatewayDefender - BG0b1bd641.00000001.mml > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
