Problem with samba files ownership
Guy Fraser
guy at incentre.net
Fri Jan 7 20:59:59 UTC 2005
IIRC you can set the sticky bits on the user and group.
chmod ug+s /home/data_cc
When a file is created in /home/data_cc it should now be owned by
the user and group that owns /home/data_cc.
I use this along with the mask and mode commands in the samba
configuration file to restrict who can add directories and files
and ensure that the created files have the same ownership and
permissions no matter who puts them there.
Your setup seems overly liberal.
This is what I use:
---smb.conf---
# Global parameters
[global]
workgroup = JUPITER
netbios name = EUROPA
server string = FreeBSD Samba Server
unix password sync = yes
encrypt passwords = Yes
update encrypted = Yes
restrict anonymous = Yes
# ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
log file = /var/log/samba/log.%m.%U.%I
max log size = 50
debug uid = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
character set = ISO8859-1
os level = 66
preferred master = Yes
domain master = Yes
wins support = Yes
admin users = callisto
create mask = 0644
printing = cups
[homes]
comment = Home Directories
writeable = Yes
browseable = No
[public]
path = /var/backup/public-share/
comment = Public file share area
allow hosts = <list removed for privacy>
create mask = 660
write list = @public
directory mask = 770
---
This is how I set the directory permissions.
---
drwxr-xr-x root wheel /var/backup/public-share
drwsrwsrwx root wheel /var/backup/public-share/Network Trash Folder
-r--r--r-- root wheel /var/backup/public-share/README.txt
drwsrwsrwx root wheel /var/backup/public-share/TheVolumeSettingsFolder
drwsr-sr-x root wheel /var/backup/public-share/Work
drwxrws--- root public /var/backup/public-share/Work/Documentation
drwxrws--- root public /var/backup/public-share/Work/Images
drwxrwx--- root wheel /var/backup/public-share/Work/Misc
drwxrwxr-x root wheel /var/backup/public-share/Work/Network
drwxrws--- root public /var/backup/public-share/Work/Forms
drwxrws--- root public /var/backup/public-share/Works/Products
drwxrwsr-x root public /var/backup/public-share/Work/Software
drwxr-xr-x root wheel /var/backup/public-share/Work/Special
drwsrws--- root wheel /var/backup/public-share/Work/Special/Secret
drwxrws-wx root wheel /var/backup/public-share/Work/Special/moderated
drwxrwsr-x root wheel /var/backup/public-share/Work/Special/readonly
drwxrws--- root public /var/backup/public-share/Work/Special/user-ro
---
As you can see by changing the group and permission a number of
unique qualities can be configured. Users who belong to wheel
have extensive privileges, users who belong to public have limited
access, and users who don't belong to either group have very
restricted access. Where you see an "s" instead of an "x" in a
directory's permissions it means the owner or group associated with the
"s" is applied to any file or directory created in that directory.
This may be more complicated than you need because these directories
are also shared with netatalk. This is so that Macintosh, Windows
and Unix/Linux machines have the same privileges depending on the
user not the platform.
Hope this helps.
On Fri, 2005-07-01 at 11:40 +0000, mike wrote:
> I have a file-server running FC3, which is running in share mode (XP
> home machines)
>
> I can mount shares and write files except for one major problem - all
> files are created with owner/group of nobody. This applies on both XP
> and FC3 machines. The same problem applies whether using smb or cifs
>
> This causes problems especially sending mail
>
> Any idea what is wrong?
>
> This is my relevant smb.conf
>
> [global]
> workgroup = brec
> wins support = yes
> netbios name = DATA_CC
> server string = breccc
> security = SHARE
> obey pam restrictions = Yes
> password server = None
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> unix password sync = Yes
> log level = 3
> log file = /var/log/samba/%m.log
> max log size = 0
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> name resolve order = wins lmhosts hosts bcast
> os level = 50
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> ldap ssl = no
> create mask = 0777
> force create mode = 0777
> force security mode = 0777
> directory mask = 0777
> force directory mode = 0777
> force directory security mode = 0777
> guest ok = yes
> hosts allow = 192.168.1.4, 192.168.1.50,192.168.1.6, 127.0.0.1,
> 192.168.1.7,192.168.1.6
>
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
> template shell = /bin/false
> winbind use default domain = no
>
> [datacc]
> comment = shared data files for connecting communities
> path = /home/data_cc
> writeable = yes
> inherit permissions = Yes
>
--
Guy Fraser
Network Administrator
The Internet Centre
1-888-450-6787
(780)450-6787
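
Added example (not part of the original message): a small Python audit that decodes the ls-style mode strings from the directory listing above, including the "s" bits the reply describes, and reports which directories are setgid, setuid or world-writable without the sticky bit. The five sample lines are copied from that listing; the names parse_mode, audit, LISTING and SPECIAL are this example's own.

```python
import stat

# Constructed sample: five lines copied from the listing in the message above.
LISTING = """\
drwxr-xr-x root wheel /var/backup/public-share
drwsrwsrwx root wheel /var/backup/public-share/Network Trash Folder
drwxrws--- root public /var/backup/public-share/Work/Documentation
drwxrwx--- root wheel /var/backup/public-share/Work/Misc
drwxrws-wx root wheel /var/backup/public-share/Work/Special/moderated
"""

SPECIAL = (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)  # owner, group, other slot

def parse_mode(sym):
    """Turn an ls-style string such as 'drwxrws---' into numeric mode bits."""
    if len(sym) != 10:
        raise ValueError(f"expected 10 characters, got {sym!r}")
    mode = 0
    for i, ch in enumerate(sym[1:]):
        bit = 1 << (8 - i)          # 0o400 for owner-read ... 0o001 for other-exec
        plain = "rwx"[i % 3]
        special = ("tT" if i == 8 else "sS") if i % 3 == 2 else ""
        if ch == plain or (ch in special and ch.islower()):
            mode |= bit             # lowercase s/t means execute is set as well
        if ch in special:
            mode |= SPECIAL[i // 3]
        elif ch not in (plain, "-"):
            raise ValueError(f"bad character {ch!r} in {sym!r}")
    return mode

def audit(listing):
    """Map each path to (octal mode, list of findings)."""
    report = {}
    for line in listing.splitlines():
        sym, owner, group, path = line.split(None, 3)   # path may contain spaces
        mode, notes = parse_mode(sym), []
        if mode & stat.S_ISGID:
            notes.append(f"setgid: new entries get group {group}")
        if mode & stat.S_ISUID:
            # Linux ignores setuid on directories; FreeBSD UFS honours it only with suiddir.
            notes.append("setuid: owner inheritance depends on the OS")
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            notes.append("world-writable without sticky bit")
        report[path] = (oct(mode), notes)
    return report

if __name__ == "__main__":
    for path, (mode, notes) in audit(LISTING).items():
        print(mode, path, "; ".join(notes) or "no special bits")
```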