On Wed, Feb 27, 2002 at 12:41:52PM +1100, Jeff Waugh wrote:
> <quote who="Kerry Seibold">
>
> > 770 gives rwx permission to owner and group, --- to other.
> > 660 gives rw- permission to owner and group, --- to other.
>
> Yeah, generally the file ones are set to 660, and having stuff readable to
> other is not good if you want to restrict it to a group.

Yes, and if you wanted to restrict it to a group, you probably wouldn't use
force group. (I wouldn't anyway.)

By using force group, everyone who connects to the service will have their
primary group changed to the forced group, i.e. they don't need to be a member
of the group in /etc/passwd or /etc/group.

A different way to do it, just as another example.

    addgroup sales
    adduser user1 sales    # adds user1 to group sales
    adduser user2 sales    # this doesn't work on all distros.
    mkdir /home/sales
    chown root:sales /home/sales/
    chmod 2770 /home/sales/

    [sales]
        path = /home/sales
        write list = @sales
        valid users = @sales
        inherit permissions = yes

write list and valid users are extra security on top of the unix file
permissions; you could remove them and add writable = yes and have the same
effect.

This example means all users that are a member of the sales group can share
files, edit and delete other people's files. If they're not a member of sales,
they can't access the service at all.

If I changed it to

    [sales]
        path = /home/sales
        writable = yes
        force group = sales
        force create mode = 770
        create mode = 770
        force directory mode = 770
        directory mode = 770

Everyone would have read/write access to sales, regardless of what groups they
are members of, regardless of other permissions. Which is fine, if that's what
you want, and probably is what you want for a small office.

I offer my example just as an alternative, and for review.

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
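
The difference between the two [sales] variants above can be checked mechanically. The following is an added example, not part of the original post: a small audit that flags shares where force group is set without a valid users gate. The share names and sample text are constructed, and only per-share settings are examined (a [global] valid users line is assumed absent).

```python
import configparser

# Constructed input: the two [sales] variants from the post, shortened and
# renamed so both fit in one file. The share names are hypothetical.
SAMPLE_CONF = """\
[sales-restricted]
path = /home/sales
write list = @sales
valid users = @sales
inherit permissions = yes

[sales-forced]
path = /home/sales
writable = yes
force group = sales
force create mode = 770
"""

def _norm(name):
    # Samba ignores case and whitespace in parameter names.
    return "".join(name.split()).lower()

def audit_force_group(conf_text):
    """Map share name -> findings where force group is not gated by valid users."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    report = {}
    for share in parser.sections():
        if share.lower() == "global":
            continue  # assumption: only per-share settings are examined
        opts = {_norm(k): v.strip() for k, v in parser.items(share)}
        group = opts.get("forcegroup", "")
        # A leading '+' forces the group only for users already in it.
        if not group or group.startswith("+") or opts.get("validusers"):
            continue
        findings = [f"force group = {group} without valid users: "
                    f"any connecting user acts as group {group}"]
        writable = any(opts.get(k, "").lower() in {"yes", "true", "1"}
                       for k in ("writable", "writeable", "writeok"))
        if writable or opts.get("readonly", "").lower() in {"no", "false", "0"}:
            findings.append("share is writable: group membership no longer limits writes")
        report[share] = findings
    return report

if __name__ == "__main__":
    for share, findings in audit_force_group(SAMPLE_CONF).items():
        for finding in findings:
            print(f"[{share}] {finding}")
```

Only the force group variant is reported; the variant restricted with valid users = @sales passes.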
