
Re: Problem with samba files ownership



IIRC you can set the sticky bits on the user and group.

chmod ug+s /home/data_cc

When a file is created in /home/data_cc it should now be owned by
the user and group that owns /home/data_cc.

I use this along with the mask and mode commands in the samba 
configuration file to restrict who can add directories and files 
and ensure that the created files have the same ownership and 
permissions no matter who puts them there.

Your setup seems overly liberal.

This is what I use:
---smb.conf---
# Global parameters
[global]
        workgroup = JUPITER
        netbios name = EUROPA
        server string = FreeBSD Samba Server
        unix password sync = yes
        encrypt passwords = Yes
        update encrypted = Yes
        restrict anonymous = Yes
#       ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
        log file = /var/log/samba/log.%m.%U.%I
        max log size = 50
        debug uid = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        character set = ISO8859-1
        os level = 66
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        admin users = callisto
        create mask = 0644
        printing = cups

[homes]
        comment = Home Directories
        writeable = Yes
        browseable = No

[public]
        path = /var/backup/public-share/
        comment = Public file share area
        allow hosts = <list removed for privacy>
        create mask = 660
        write list = @public
        directory mask = 770

---

This is how I set the directory permissions.

---

drwxr-xr-x root wheel /var/backup/public-share

drwsrwsrwx root wheel /var/backup/public-share/Network Trash Folder
-r--r--r-- root wheel /var/backup/public-share/README.txt
drwsrwsrwx root wheel /var/backup/public-share/TheVolumeSettingsFolder
drwsr-sr-x root wheel /var/backup/public-share/Work

drwxrws--- root public /var/backup/public-share/Work/Documentation
drwxrws--- root public /var/backup/public-share/Work/Images
drwxrwx--- root wheel  /var/backup/public-share/Work/Misc
drwxrwxr-x root wheel  /var/backup/public-share/Work/Network
drwxrws--- root public /var/backup/public-share/Work/Forms
drwxrws--- root public /var/backup/public-share/Works/Products
drwxrwsr-x root public /var/backup/public-share/Work/Software
drwxr-xr-x root wheel  /var/backup/public-share/Work/Special

drwsrws--- root wheel  /var/backup/public-share/Work/Special/Secret
drwxrws-wx root wheel  /var/backup/public-share/Work/Special/moderated
drwxrwsr-x root wheel  /var/backup/public-share/Work/Special/readonly
drwxrws--- root public /var/backup/public-share/Work/Special/user-ro

---

As you can see, by changing the group and permissions a number of 
unique qualities can be configured. Users who belong to wheel 
have extensive privileges, users who belong to public have limited 
access, and users who don't belong to either group have very 
restricted access. Where you see an "s" instead of an "x" in a 
directory's permissions it means the owner or group associated with the 
"s" is applied to any file or directory created in that directory.

This may be more complicated than you need because these directories
are also shared with netatalk. This is so that Macintosh, Windows 
and Unix/Linux machines have the same privileges depending on the 
user not the platform.

Hope this helps.

On Fri, 2005-07-01 at 11:40 +0000, mike wrote:
> I have a file-server running FC3, which is running in share mode (XP
> home machines)
> 
> I can mount shares and write files except for one major problem - all
> files are created with owner/group of nobody. This applies on both XP
> and FC3 machines. The same problem applies whether using smb or cifs
> 
> This causes problems especially sending mail
> 
> Any idea what is wrong?
> 
> This is my relevant smb.conf
> 
> [global]
> 	workgroup = brec
> 	wins support = yes
> 	netbios name = DATA_CC
> 	server string = breccc
> 	security = SHARE
> 	obey pam restrictions = Yes
> 	password server = None
> 	pam password change = Yes
> 	passwd program = /usr/bin/passwd %u
> 	passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> 	unix password sync = Yes
> 	log level = 3
> 	log file = /var/log/samba/%m.log
> 	max log size = 0
> 	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> 	name resolve order = wins lmhosts hosts bcast
> 	os level = 50
> 	preferred master = Yes
> 	domain master = Yes
> 	dns proxy = No
> 	ldap ssl = no
> 	create mask = 0777
> 	force create mode = 0777
> 	force security mode = 0777
> 	directory mask = 0777
> 	force directory mode = 0777
> 	force directory security mode = 0777
> 	guest ok = yes
> 	hosts allow = 192.168.1.4, 192.168.1.50,192.168.1.6, 127.0.0.1,
> 192.168.1.7,192.168.1.6
> 
> 	idmap uid = 16777216-33554431
> 	idmap gid = 16777216-33554431
> 	template shell = /bin/false
> 	winbind use default domain = no
> 
> [datacc]
> 	comment = shared data files for connecting communities
> 	path = /home/data_cc
> 	writeable = yes
> 	inherit permissions = Yes
> 
-- 
Guy Fraser
Network Administrator
The Internet Centre
1-888-450-6787
(780)450-6787
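
Added example, not part of the original message or of Samba: a shell sketch that computes the mode a new file gets from the mask settings shown in the two configurations above, and lists directories in a share tree that are world-writable or group-writable without setgid. The function names and the requested modes (0766, 0777) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.

# samba_mode REQUESTED MASK FORCE
# smb.conf semantics: the requested mode is ANDed with "create mask"
# (or "directory mask"), then "force create mode" is ORed on top.
samba_mode() {
    printf '%04o\n' $(( (0$1 & 0$2) | 0$3 ))
}

# audit_share DIR: report directories that break the group-inheritance scheme.
audit_share() {
    # Writable by everyone and no sticky bit set.
    find "$1" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'world-writable %s\n' {} \;
    # Group-writable but not setgid: on Linux, new files then get the
    # creator's primary group instead of the directory's group.
    find "$1" -type d -perm -0020 ! -perm -2000 \
        -exec printf 'no-setgid %s\n' {} \;
}

# Constructed sample requests: 0766 for a file, 0777 for a directory.
echo "quoted [global] file mode: $(samba_mode 0766 0777 0777)"
echo "[public] file mode:        $(samba_mode 0766 660 0)"
echo "[public] directory mode:   $(samba_mode 0777 770 0)"

# Pass a share path as the first argument to audit it.
if [ -n "${1:-}" ]; then
    audit_share "$1"
fi
```

With `force create mode = 0777` the result is 0777 whatever the client requests, while the `[public]` masks cap files at 0660 and directories at 0770.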

