I am trying to set up a multipurpose samba share that will be used for storing office files .doc, .xls, .ppt that will be edited by several users and multiusers MS access databases , this is what I got for now
**Creating the folder to share
**
mkdir sharedfolder
chgrp –R users sharedfolder
chmod 2770 sharedfolder
**sharing the folder
**
[sharedfiles]
Path=/home/easgs/sharedfolder
Read list= a,b,c
Write list = d,e,f
Force group = users
Guest ok = no
Valid users = a,b,c,d,e,f, @users
Directory mask = 2770
Create mask = 2770
Force create mode = 2770
Force directory mode = 2770
oplocks = False
level2 oplocks = False
On 2/21/2013 9:56 PM, jdmcdaniel3 wrote:
>
> Easgs;2529172 Wrote:
>> I am trying to set up a multipurpose samba share that will be used for
>> storing office files .doc, .xls, .ppt that will be edited by several
>> users and multiusers MS access databases , this is what I got for now
>>
>> _Creating_the_folder_to_share
>> _
>> mkdir sharedfolder
>> chgrp –R users sharedfolder
>> chmod 2770 sharedfolder
>>
<snip>
>
> I don’t think chmod 2770 shared folder is going to work as the chmod
> number is 3 digits and not four. Have a look here for permissions:
>
<snip>
>
> Thank You,
>
>
Huh! 2xyz is “Setgid” See for example: http://en.wikipedia.org/wiki/Setuid, See
also man chmod(1).
–
P.V.
“We’re all in this together, I’m pulling for you” Red Green
On 2/21/2013 4:06 PM, Easgs wrote:
>
> I am trying to set up a multipurpose samba share that will be used for
> storing office files .doc, .xls, .ppt that will be edited by several
> users and multiusers MS access databases , this is what I got for now
>
> _Creating_the_folder_to_share
> _
> mkdir sharedfolder
> chgrp –R users sharedfolder
> chmod 2770 sharedfolder
>
> _sharing_the_folder
> _
> [sharedfiles]
> Path=/home/easgs/sharedfolder
> Read list= a,b,c
> Write list = d,e,f
> Force group = users
> Guest ok = no
> Valid users = a,b,c,d,e,f, @users
> Directory mask = 2770
> Create mask = 2770
> Force create mode = 2770
> Force directory mode = 2770
> oplocks = False
> level2 oplocks = False
>
>
> any comments about this topic are welcome
>
> thanks
>
>
Easgs;
Is the share not working as you expect? Your choice of parameters for a share
depends on how you want it to behave. As long as it does what you want it’s OK.
–
P.V.
“We’re all in this together, I’m pulling for you” Red Green
Is the share not working as you expect? Your choice of parameters for a share
depends on how you want it to behave. As long as it does what you want it’s OK.
the share is for storing all kind of files, .doc, .xls .ppt, edited for different users in different groups, .exe, .dll (for portable applications) and ms access databases for mutiple users, so far I have test it with two virtual machines and 4 users but not in production and it has worked fine, but I don’t know if it will work with 25 o more users or I will have some kind of unexpected problems
On 2/22/2013 12:56 PM, Easgs wrote:
<snip>
>
> the share is for storing all kind of files, .doc, .xls .ppt, edited for
> different users in different groups, .exe, .dll (for portable
> applications) and ms access databases for mutiple users, so far I have
> test it with two virtual machines and 4 users but not in production and
> it has worked fine, but I don’t know if it will work with 25 o more
> users or I will have some kind of unexpected problems
>
>
Easgs;
No guarantee, but nothing seemed amiss to me. I normally leave oplocks enabled,
but under many circumstances it is best to disable them as you have done. I
assume you have already read the discussion on oplocks in Chapter 17 of “The
Official Samba-3 HOWTO”. http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/locking.html
–
P.V.
“We’re all in this together, I’m pulling for you” Red Green
chmod clears the set-group-ID bit of a regular file if the file’s group ID does not match the user’s effective group ID or one of the user’s supplementary group IDs, unless the user has appropriate privileges. Additional restrictions may cause the set-user-ID and set-group-ID bits of MODE or RFILE to be ignored. This behavior depends on the policy and functionality of the underlying chmod system call. When in doubt, check the underlying system behavior. chmod preserves a directory’s set-user-ID and set-group-ID bits unless you explicitly specify otherwise. You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the bits with a numeric mode.
Restricted Deletion Flag or Sticky Bit
The restricted deletion flag or sticky bit is a single bit, whose interpretation depends on the file type. For directories, it prevents unprivileged users from removing or renaming a file in the directory unless they own the file or the directory; this is called the restricted deletion flag for the directory, and is commonly found on world-writable directories like /tmp. For regular files on some older systems, the bit saves the program’s text image on the swap device so it will load more quickly when run; this is called the sticky bit.
There is no practical reason (in my opinion) why an individual user would set or try to use these bits in a situation where you have already set the file or folder set to 770. I have never required this need where a shared folder was already set to 777 or 770. Be careful of who you recommend or suggest these settings to as it is hard to know ultimately who might unknowing use them. In the end, the ability to set and use a four digit chmod number is correct even though what it does and its understanding is not very forthright.
There is no practical reason (in my opinion) why an individual user would set or try to use these bits in a situation where you have already set the file or folder set to 770. I have never required this need where a shared folder was already set to 777 or 770. Be careful of who you recommend or suggest these settings to as it is hard to know ultimately who might unknowing use them. In the end, the ability to set and use a four digit chmod number is correct even though what it does and its understanding is not very forthright.
this is a good example where you need to set the setgid bit
MS Word with Samba Changes Owner of File
*Question:* “When user B saves a word document that is owned by user A, the updated file is now owned by user B. Why is Samba doing this? How do I fix this?”
*Answer:* Word does the following when you modify/change a Word document: MS Word creates a new document with a temporary name. Word then closes the old document and deletes it, then renames the new document to the original document name. There is no mechanism by which Samba can in any way know that the new document really should be owned by the owners of the original file. Samba has no way of knowing that the file will be renamed by MS Word. As far as Samba is able to tell, the file that gets created is a new file, not one that the application (Word) is updating.
There is a workaround to solve the permissions problem. It involves understanding how you can manage file system behavior from within the smb.conf file, as well as understanding how UNIX file systems work. Set on the directory in which you are changing Word documents: chmod g+s `directory_name'. This ensures that all files will be created with the group that owns the directory. In smb.conf share declaration section set:
force create mode = 0660
force directory mode = 0770
These two settings will ensure that all directories and files that get created in the share will be readable/writable by the owner and group set on the directory itself.
So in a simple network with no domain, the issue you show is not a problem because the shared folder and files all come up as chmod 777. Anyone can use and modify the files. If I want a user to maintain control of their own files, I share the /home area and require a username and password to access. I have acknowledge these bits exist and their purpose while at the same time think that users here with small networks need not be concerned about its purpose. I have already added this to my permissions learning blog and will in the future add these bits there as well, and thank you for the added information, but in the end, it will not be all that important on a small private network in my opinion.