Default security flags

Default security flags

Post by Jure Erznozni » Mon, 19 Mar 2001 19:11:59



I have this situation:

The server is RedHat 6.2
I have defined a group of users that has access to a folder on disk
This folder is shared through Samba
Nobody else (but root) has access to this folder
Samba has the create mask set to 2770
All files that are created by users through Samba should be accessible to
everyone in the group

Now I have two problems:
Files that are created by users have the owner set to user instead of group
Security flags of these files are set so that only the owner can use them

I don't want this. I want the owner to be the group and security flags set
to "allow all for group"

How do I set this?

Jure

 
 
 

Default security flags

Post by Scott Schaefe » Mon, 19 Mar 2001 23:58:54



> I have this situation:

> The server is RedHat 6.2
> I have defined a group of users that has access to a folder on disk
> This folder is shared through Samba
> Nobody else (but root) has access to this folder
> Samba has the create mask set to 2770
> All files that are created by users through Samba should be accessible to
> everyone in the group

> Now I have two problems:
> Files that are created by users have the owner set to user instead of group
> Security flags of these files are set so that only the owner can use them

> I don't want this. I want the owner to be the group and security flags set
> to "allow all for group"

The owner of a file cannot be a group -- it must be a user.

You can, however, set the group permission bits.  See description of
'force create mask' parameter: to get results of  "rwxrwx---", try:

create mask = 2770
force create mask = 770

Also, see the corresponding parms for setting permission bits on any
directories which your users might create ... I think these are
'directory mask' and 'directory security mask'

- Show quoted text -

Quote:

> How do I set this?

> Jure


 
 
 

Default security flags

Post by Mark-Oliver Wolte » Tue, 20 Mar 2001 23:14:45



> Now I have two problems:
> Files that are created by users have the owner set to user instead of group
> Security flags of these files are set so that only the owner can use them
> I don't want this. I want the owner to be the group and security flags set
> to "allow all for group"
> How do I set this?

You want to use the "force user = <one-of-your-valid-users>" parameter. Then
anyone allowed to connect to that service effectively have the file access
rights of this same user.