Thomas Heiligenmann wrote: > [EMAIL PROTECTED] schrieb: >> For the ones who want the full details here it goes: >> >> We have one share per service (IT, R&D, commercial...). >> In each service the followin top level directories are created by by >> admin with the following rights, that can't be changed by users: >> - archives : One directory per year, with a service private data and a >> service public data directories, files not needed any more are archived >> here at the begening of each year. Same rights as bellow, with read >> write access becoming read access. >> - service stuff : Service stuff not submited to our quality process. >> Read write access for domain admins and service users. >> - service private data : Service private data submited to our quality >> process. Read write access for domain admins and service users, read >> access to quality service members. >> - service public data : Service public data (to share with other >> services) submited to our quality process. Read write access for domain >> admins and service users, read access to domain users. >> - service templates : Service Office and other software documents >> templates. Read write access for domain admins and the person >> responsible for the templates update, read access to domain users. >> >> I've not found something better than what I exposed at the begining. >> >> The problem with inherit owner not working for group owner is that any >> new created file belongs to the "Domain Users" (primary group for every >> user, many users belong to more than one service) with inherited rwx >> rights thus breaking access rights rules I want. >> > > Why not defining it explicitely in smb.conf? I'm happy with the folowing: > > [mygroupshare] > comment = My Group > path = /data/shares/mygroup > writable = yes > valid users = @mygroup @admins > create mode = 0660 > directory mode = 0770 > force directory mode = 2000 > force group = mygroup > > > Thomas > >
It's explained in the "details" part. There is one share per services, but there are people not member of the service accessing the share. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
