[Samba] file and directory permissions?

[Daniel Mader]

Hello, 

we have a SLES 10SP2 setup with some collaboration shares distributed with 
Samba. In order to make sure files and folders on these shares are readable 
*and* writeable, the shares typically look like this:

[public]
path = /home/01_public
create mask = 740
directory mask = 750
force create mode = 220
force directory mode = 770
force group = optiker
read list = zhang, @optiker
write list = @optiker

With this, we want to have new or copied files to get -rw-rw and new or 
copied folders to get drwxrwx---.

This works OK for the Windows clients but the unixlike clients (Linux and 
MacOSX) write files with -rwxrw-r--, which is a little different from what we 
expect. Folders are allright.

The file creation works for Linux and Mac boxes, too, when the global option 
unix extensions = no is set. Yet, this leads to some unwanted behavior on 
the unixoid clients: they can no longer see who created a file, and what the 
actual permissions really are...

So, the question is: how can we make sure that files and folders are created 
with certain permissions for all client platforms, and without disabling unix 
extensions?

Also, it does not help to use ACLs on the share parent folders since the file 
permissions are the same as above, then...

Any help is deeply appreciated!


What follows is the global section of the smb.conf, just in case.

[global]
add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody 
-s 
/bin/false %m$
domain logons = Yes
domain master = Yes
hide dot files = yes
hide special files = yes
hosts allow = 127.0.0.1 192.168.173.0/24 132.230.0.0/16
hosts deny = 0.0.0.0/0
idmap backend = ldap:ldap://127.0.0.1
ldap admin dn = cn=moadmin,dc=micro-optics,dc=uni
ldap delete dn = No
ldap group suffix = ou=gruppen
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Machines
ldap passwd sync = Yes
ldap replication sleep = 1000
ldap ssl = Start_tls
ldap suffix = dc=micro-optics,dc=uni
ldap timeout = 5
ldap user suffix = ou=nutzer
local master = Yes
log level = 3
logon drive = L:
logon path = \\%L\%U\_msprofile
logon script = logon.bat
netbios name = rioja
os level = 65
passdb backend = ldapsam:ldap://127.0.0.1
preferred master = Yes
security = user
#   unix extensions = no
wins support = Yes
workgroup = micro-optics

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
browsable = no
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] File and Directory permissions

[Benjamin Stewart -NEW]

Greetings,
We are in the process of moving all our files from Windows 2000 Server 
to Samba running on RedHat 8.0. Have had a failry smooth ride, but this 
morning I was asked to restrict access to a particular directory in a 
particular share to a group of users. How do I do this ? Am I better to 
create a new share and share that folder out from there setting 
permissions etc.

When the files were stored on win2000 server I was able to go to the 
security tab and add/select/change users from there. Is there a way to 
do this from the linux box where ths files are stored ?

Thanks

Ben

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File and Directory permissions

[bkrusic]

Hi,

Your q has a few answers.

Mine;

1 - used create mode = , direcory mode = flags.
2 - manipulated uig/gid to get the perms that I
desired.

There seems a more elegant approach, ACLs.  Some
journaling file systems have inherant support for this
as well (ie; sgi_xfs).

I would recommend using ACLs as with my approach
requires understanding perm bits (rwx, t ,s bits
etc...) and some Perl to wrap it up in a nice
automated task.

Bri- 

__
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba