Author: jht
Date: 2007-01-19 01:47:37 +0000 (Fri, 19 Jan 2007)
New Revision: 1013

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1013

Log:
Fixing bad info regarding UNIX file and directory access control.
Modified:
   trunk/Samba3-HOWTO/TOSHARG-AccessControls.xml


Changeset:
Modified: trunk/Samba3-HOWTO/TOSHARG-AccessControls.xml
===================================================================
--- trunk/Samba3-HOWTO/TOSHARG-AccessControls.xml       2007-01-17 12:59:43 UTC 
(rev 1012)
+++ trunk/Samba3-HOWTO/TOSHARG-AccessControls.xml       2007-01-19 01:47:37 UTC 
(rev 1013)
@@ -1556,6 +1556,7 @@
        <title>Users Cannot Write to a Public Share</title>
 
        <para>
+       The following complaint has frequently been voiced on the Samba mailing 
list: 
        <quote>
        We are facing some troubles with file/directory permissions. I can log 
on the domain as admin user (root),
        and there's a public share on which everyone needs to have permission 
to create/modify files, but only
@@ -1566,7 +1567,7 @@
        </para>
 
        <para>
-       There are many ways to solve this problem, and here are a few hints:
+       Here is one way the problem can be solved:
        </para>
 
        <procedure>
@@ -1581,16 +1582,17 @@
                        Set the ownership to whatever public user and group you 
want
 <screen>
 &prompt;find `directory_name' -type d -exec chown user:group {}\;
-&prompt;find `directory_name' -type d -exec chmod 1775 {}\;
+&prompt;find `directory_name' -type d -exec chmod 2775 {}\;
 &prompt;find `directory_name' -type f -exec chmod 0775 {}\;
 &prompt;find `directory_name' -type f -exec chown user:group {}\;
 </screen>
                        </para>
 
                        <note><para>
-                       The above will set the <constant>sticky bit</constant> 
on all directories. Read your
-                       UNIX/Linux man page on what that does. It causes the OS 
to assign to all files 
-                       created in the directories the ownership of the 
directory.
+                       The above will set the <constant>SGID bit</constant> on 
all directories. Read your
+                       UNIX/Linux man page on what that does. This ensures 
that all files and directories
+                       that are created in the directory tree will be owned by 
the current user and will
+                       be owned by the group that owns the directory in which 
it is created.
                        </para></note>
                </step>
                <step>
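Review bot: The rewritten directory line still ends in `{}\;` with no space before `\;`, as do the three unchanged find lines around it, so the shell passes `{};` as a single word and the -exec expression has no terminating `;` argument; write `{} \;` on all four lines while this block is being touched. The path is also written as `directory_name' (backtick, then apostrophe), which a shell treats as the start of a command substitution if the line is pasted; plain single quotes or no quotes would be safer in a screen example. The unchanged `-type f -exec chmod 0775` line sets execute bits on every regular file, which the SGID explanation does not require; 0664 would fit the stated goal. In the new note text, "will be owned by the current user and will be owned by the group that owns the directory in which it is created" switches from plural to singular; something like "owned by the user who creates them and by the group that owns the directory in which they are created" reads more cleanly.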
@@ -1613,15 +1615,14 @@
                        <para>Now type: 
 
 <screen>
-&prompt;<userinput>chmod 6775 /foodbar</userinput>
+&prompt;<userinput>chmod 2775 /foodbar</userinput>
 &prompt;<userinput>ls -al /foodbar/..</userinput>
 </screen>
-
                        </para>
                
                        <para>You should see:
 <screen>
-drwsrwsr-x  2 jack  engr    48 2003-02-04 09:55 foodbar
+drwxrwsr-x  2 jack  engr    48 2003-02-04 09:55 foodbar
 </screen>
                        </para>
                </step>
@@ -1640,30 +1641,16 @@
                You should see that the file <filename>Afile</filename> created 
by Jill will have ownership
                and permissions of Jack, as follows:
 <screen>
--rw-r--r--  1 jack  engr     0 2003-02-04 09:57 Afile
+-rw-r--r--  1 jill  engr     0 2007-01-18 19:41 Afile
 </screen>
                </para>
                </step>
 
                <step>
                <para>
-               Now in your &smb.conf; for the share add:
+               If the user that must have write permission in the directory is 
not a member of the group
+               <emphasis>engr</emphasis> set in the &smb.conf; entry for the 
share:
                <smbconfblock>
-<smbconfoption name="force create mode">0775</smbconfoption>
-<smbconfoption name="force directory mode">6775</smbconfoption>
-               </smbconfblock>
-               </para>
-
-               <note><para>
-               These procedures are needed only if your users are not members 
of the group
-               you have used &smbmdash; that is, if within the OS they do not 
have write permission on the directory.
-               </para>
-               </note>
-               
-               <para>
-               An alternative is to set in the &smb.conf; entry for the share:
-               <smbconfblock>
-<smbconfoption name="force user">jack</smbconfoption>
 <smbconfoption name="force group">engr</smbconfoption>
                </smbconfblock>
                </para>
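Review bot: The unchanged sentence above the listing still says Afile created by Jill "will have ownership and permissions of Jack", but the new listing shows owner jill and group engr, so the prose now contradicts the output; reword it to say the file is owned by Jill and carries the directory's group. The new listing is also `-rw-r--r--`, meaning other members of engr cannot modify Jill's file, while the quoted complaint asks for everyone to be able to create/modify files; with `force create mode` removed, the procedure should say how group write is obtained. The new lead-in "If the user ... is not a member of the group engr set in the &smb.conf; entry for the share:" reads as if engr were what is set; a comma after the group name and "then set" would remove the ambiguity. The listing date here is 2007-01-18 while the foodbar listing in the previous hunk keeps 2003-02-04, which is worth aligning.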
