John,

For the [chemgroup] share try

[chemgroup]
        comment = Chemistry Group Share
        path = /home/chemgroup
        valid users = @chemgroup
        write list = @chemgroup
        browseable = no
;;      writeable = yes
;;      printable = no
        force group = @chemgroup
;; note your post left out the '@'-sign
        create mask = 0660
        directory mask = 0770

and for the [homes] share try

[homes]
        comment = Home Directories
        browseable = no
;;      read only = no
        create mask = 0640
        directory mask = 0750
;;      valid users = %S
        valid users = %U
        write list = %U

I found that using %U works best so long as you don't have older
Windows (e.g. Wfwg). Also specifying write list specifically gives
'username' write capabilities consistent with your security policy on
the underlying volume.

And, is /lab/chemgroup a local disk volume or a remote NFS volume?
Doing a double mount SMB --> NFS --> Local Vol is not recommended owing
to the way NFS itself handles permissions.

Also I would recommend that you consider upgrading to the latest 3.5.X
branch of Samba and consider enabling ACLs and extended User Attributes
on the underlying volumes. Although adding POSIX ACLs does add
complexity to the mix, in the end you get a more secure environment and
fewer Windows-to-Linux permission problems and confusion.

Bob

--bs

On Thu, 2011-06-02 at 10:36 -0400, John Maher wrote:
> Hello,
>
> I cannot find anything in the documentation or mailing list that
> addresses this oddity.
>
> I've installed Samba Version 3.4.7 on Ubuntu Server 10.04, and I'm
> utterly confused by samba's behavior regarding permissions.
>
> Users on the server have home directories in /home/chemgroup/username.
> (chemgroup is actually a symlink to another volume mounted at
> /labs/chemgroup.)
> Permissions on /lab/chemgroup are:
>
> drwxrwx--- username chemgroup /labs/chemgroup
>
> Permissions on /lab/group/username are:
>
> drwxr-x--- username chemgroup /labs/chemgroup/username
>
> Clearly, username has rights to write to /home/chemgroup/username, and
> can do so just fine via ssh.
>
> The Samba share is configured as follows:
>
> [chemgroup]
> comment = Chemistry Group Share
> path = /home/chemgroup
> valid users = @chemgroup
> public = no
> browseable = no
> writeable = yes
> printable = no
> force group = chemgroup
> create mask = 0660
> directory mask = 0770
>
> Note, username is a member of chemgroup.
>
> username can connect to \\server\chemgroup and can create new files and
> directories there. And username can navigate to the username folder
> within chemgroup. BUT, here's where it gets weird . . . username can
> create a new file within the chemgroup\username folder, but they cannot
> even change the name of the file they just created. And they can't
> delete the file they just created (and couldn't rename).
>
> This same behavior is even presented with Home directories, with the
> homes section looking like this:
>
> [homes]
> comment = Home Directories
> browseable = no
> read only = no
> create mask = 0640
> directory mask = 0750
> valid users = %S
>
> Thank you for any help or guidance.
>
> John
>
> - --
> * - - - - * - - - - * - - - - * - - - - * - - - - * - - - - * - - - - *
> John Maher
> Senior Systems and Network Administrator
> Department of Biochemistry & Molecular Biology and
> Department of Chemistry
> University of Massachusetts - Amherst
> voice: 413-577-3120 fax: 413-545-4490
> OpenPGP Key ID: 0x2970A144
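
The reply above ties share-level write access to the permissions on the underlying volume. As an added example (not part of either message), this Python sketch applies the plain POSIX rule to the two directory listings quoted in the post: creating, renaming and deleting entries needs write and search permission on the directory that contains them. It assumes no POSIX ACLs, sticky bit or root access, checks each directory on its own, and the accounts `colleague` and `outsider` are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    owner: str
    group: str
    mode: int   # the nine rwx permission bits
    path: str

def parse_ls(line):
    """Parse the 'drwxr-x--- owner group path' form quoted in the post."""
    perms, owner, group, path = line.split()
    mode = 0
    for i, ch in enumerate(perms[1:10]):
        if ch in "rwxst":          # lower-case s/t mean the x bit is also set
            mode |= 1 << (8 - i)
    return Entry(owner, group, mode, path)

def class_bits(e, user, groups):
    """POSIX applies exactly one triplet: owner, else group, else other."""
    if user == e.owner:
        return (e.mode >> 6) & 7
    if e.group in groups:
        return (e.mode >> 3) & 7
    return e.mode & 7

def can_modify_entries(e, user, groups):
    """Create, rename and delete need write (2) and search (1) on the directory."""
    return (class_bits(e, user, groups) & 3) == 3

def audit(listing, user, groups):
    """Map each listed directory to whether the user may change its entries."""
    return {e.path: can_modify_entries(e, user, groups)
            for e in map(parse_ls, listing)}

# Directory listings copied from the original post.
LISTING = [
    "drwxrwx--- username chemgroup /labs/chemgroup",
    "drwxr-x--- username chemgroup /labs/chemgroup/username",
]

if __name__ == "__main__":
    # 'colleague' and 'outsider' are constructed accounts, not from the post.
    for user, groups in [("username", {"chemgroup"}),
                         ("colleague", {"chemgroup"}),
                         ("outsider", {"users"})]:
        print(user, audit(LISTING, user, groups))
```

A share-level `write list = @chemgroup` does not change the second result for `colleague`: the group triplet on `/labs/chemgroup/username` is `r-x`, so the filesystem still refuses the write.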