David,
I'm kinda shooting in the dark here, but from what I remember, you need to be able to manage various user files without affecting the user ownership and while preserving the 'security' of each users files from being seen from everybody else. What I would do is create a group in /etc/groups -- called 'manager' or whatever. The member(s) of the manager group would be whoever would need read/write access to every users files. I would then set user and group ownership of the user's home directories to "user.manager" via chown. That way cron or whatever is running as 'manager' could do whatever is needed globally for all users while preserving the individual user security. In that vein, force group = manager would assure access to the manager. The only fly in the ointment would be if you had a common share that all needed to access while you are still trying to preserve individual security to. But, heck, if that's the case, then individual security would be irrelevant unless you simply wanted to grant write access to each.
Like I said, I'm shooting in the dark, but that is my .02 on what you are looking at. Linux/samba is flexible enough from a permissions standpoint that you can do about anything you want to. The Linux basic permissions of user.group.world coupled with force user, force group and inherit permissions along with your /etc/group definitions are the basic building blocks for just about anything you can think of.
One other option would be to define an 'admin users = ' for the shares you want to manage. That is another option for giving a user or group of users rwx access to any share while preserving user privacy.
Hope this helps. And of course the disclaimer: I'm a lawyer, who use to be an engineer, who still 'thinks' he can stay reasonably current on his OS of choice, but has to regrettably admit that I am no authority on the finer points of coding/samba/Linux anymore. (that stopped when I quit babysitting 750,000 lines of FORTRAN known as SVDS (space vehicle dynamic simulation - the shuttle ascent launch processor in '89) (Yes that was at the time DIBS and DOLILU was coming online) (... and for the curious DOLILU = day of launch I-Load update)(uhh.. GNC, Pitch-Yaw-Roll stuff from SRB ignition to MECO)(uhh.. it's supposed to keep the wings from coming off going uphill)(and uhh.. again, ET foam shedding was never an issue while Martin-Marietta built the tank)(and uhh.. the Martin-Thiokol booster o-ring problem had been found and addressed by then [51-L] --> STS26)
--
David C. Rankin, J.D., P.E.
RANKIN LAW FIRM, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankin-bertin.com
--
----- Original Message ----- From: "David Wilson" <[EMAIL PROTECTED]>
To: "david rankin" <[EMAIL PROTECTED]>; "samba" <[email protected]>
Sent: Friday, January 28, 2005 12:51 AM
Subject: Re: [Samba] Inherit permissions question (Please help)
Hi David,
Thanks for your reply.
That would work but then because it's on the share for user's profiles each user would then be able to access everyone elses profile.
Please correct me if I'm wrong.
Kindest regards David Wilson _______________________________ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! _______________________________
"Computers are not intelligent. They only think they are."
----- Original Message ----- From: "david rankin" <[EMAIL PROTECTED]>
To: "samba" <[email protected]>
Sent: Friday, January 28, 2005 6:13 AM
Subject: Re: [Samba] Inherit permissions question (Please help)
Sorry I'm late on this thread, but would 'force user = ' force group = ' work?
--
David C. Rankin, J.D., P.E.
RANKIN LAW FIRM, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankin-bertin.com
--
----- Original Message ----- From: "David Wilson" <[EMAIL PROTECTED]>
To: "Craig White" <[EMAIL PROTECTED]>; <[email protected]>
Sent: Wednesday, January 26, 2005 3:26 AM
Subject: Re: [Samba] Inherit permissions question (Please help)
Hi Craig,
Thanks for your reply.
My suggestions for using a preexec script is a sort of "last resort" option. I could rather configure a job in cron that checks permissions.
Ideally I need the "inherit permissions" option but with the ability to also include user & group ownership. To get this done samba would require root privileges to change the ownership of files to that of the parent folder - which probably wouldn't be a good idea ?
Thanks for your help so far. Any assistance/input would be greatly appreciated.
Kindest regards David Wilson _______________________________ D c D a t a Tel +27 33 342 7003 Fax +27 33 345 4155 Cell +27 82 4147413 http://www.dcdata.co.za [EMAIL PROTECTED] Powered by Linux, driven by passion ! _______________________________
"Computers are not intelligent. They only think they are."
----- Original Message ----- From: "Craig White" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, January 26, 2005 10:41 AM
Subject: Re: [Samba] Inherit permissions question (Please help)
Am I the only one that thinks it's a terrible idea? When I need to make changes to user profiles, I use things like...
logon script perl/shell script updates on actual samba server
but I suppose that you could have a 'pre-exec' script that changes the ownership of all files in a person's profile be changed upon login.
Craig
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
