[EMAIL PROTECTED] wrote:
Hello

I've a Samba server up and running (version 3.0.20b .deb found on
samba.org on a Debian Sarge), but it's not yet in production cause I'm
not satisfied with some file permissions.

The file permission I'd like to have would require to have files and
directories to inherit owner user and owner group, with rights 770
and root.root as the owner. And the users rights being given through the
"inherit acls" option.
The problem is "inherit owner" just works for the owner user, not the
owner group, so a patch to add an "inherit owner group" option would be
very useful.


For the ones who want the full details here it goes:

We have one share per service (IT, R&D, commercial...).
In each service the following top level directories are created by
admin with the following rights, that can't be changed by users:
- archives : One directory per year, with a service private data and a
service public data directories, files not needed any more are archived
here at the beginning of each year. Same rights as below, with read
write access becoming read access.
- service stuff : Service stuff not submitted to our quality process.
Read write access for domain admins and service users.
- service private data : Service private data submitted to our quality
process. Read write access for domain admins and service users, read
access to quality service members.
- service public data : Service public data (to share with other
services) submitted to our quality process. Read write access for domain
admins and service users, read access to domain users.
- service templates : Service Office and other software documents
templates. Read write access for domain admins and the person
responsible for the templates update, read access to domain users.

I've not found something better than what I exposed at the beginning.

The problem with inherit owner not working for group owner is that any
new created file belongs to the "Domain Users" (primary group for every
user, many users belong to more than one service) with inherited rwx
rights thus breaking access rights rules I want.


Why not define it explicitly in smb.conf? I'm happy with the following:

[mygroupshare]
    comment = My Group
    path = /data/shares/mygroup
    writable = yes
    valid users = @mygroup @admins
    create mode = 0660
    directory mode = 0770
    force directory mode = 2000
    force group = mygroup


Thomas
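
Added example, not part of the original messages and not Samba's own code: a small audit that parses a share stanza like the one above and computes the upper bound on the modes new files and directories can get, using Samba's rule of ANDing with the mask and ORing with the force mode. The function names and the two findings are assumptions made for this illustration; the embedded stanza is copied from the reply as constructed input.

```python
# Constructed input: the share stanza from the reply above.
SMB_CONF = """\
[mygroupshare]
    path = /data/shares/mygroup
    valid users = @mygroup @admins
    create mode = 0660
    directory mode = 0770
    force directory mode = 2000
    force group = mygroup
"""
# smb.conf synonyms: "create mode" = "create mask", "directory mode" = "directory mask".
SYNONYMS = {"create mode": "create mask", "directory mode": "directory mask"}
# Samba defaults used when a share does not set the parameter.
DEFAULTS = {"create mask": "0744", "force create mode": "0000",
            "directory mask": "0755", "force directory mode": "0000"}

def parse_shares(text):
    """Return {share name: {parameter: value}}; every section is treated as a share."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1], dict(DEFAULTS))
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            current[SYNONYMS.get(key, key)] = value
    return shares

def effective_modes(share):
    """Upper bound on new file and directory modes: (requested & mask) | force."""
    def octal(key):
        return int(share[key], 8)
    file_mode = (0o777 & octal("create mask")) | octal("force create mode")
    dir_mode = (0o777 & octal("directory mask")) | octal("force directory mode")
    return file_mode, dir_mode

def audit(share):
    """Hypothetical checks for a group-only share; returns a list of findings."""
    file_mode, dir_mode = effective_modes(share)
    findings = []
    if (file_mode | dir_mode) & 0o007:
        findings.append("world bits can be set on new files or directories")
    if "force group" not in share and not dir_mode & 0o2000:
        findings.append("no force group or setgid: group is the creator's primary group")
    return findings
```

For the stanza above this gives files at most 0660 and directories 2770, with no findings; a share left on defaults reports both.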