summaryrefslogtreecommitdiff
path: root/docs/Samba3-HOWTO
diff options
context:
space:
mode:
authorJohn Terpstra <jht@samba.org>2007-01-19 01:47:37 +0000
committerGerald W. Carter <jerry@samba.org>2008-04-23 08:47:24 -0500
commitf1eee655861457174a0382b76e8fd718ae932494 (patch)
tree7f9d8058bf2da158de37e7618bfea94276fb3093 /docs/Samba3-HOWTO
parent8b3039aa32fb6fcbdb69c80d36b60de9c89571fe (diff)
downloadsamba-f1eee655861457174a0382b76e8fd718ae932494.tar.gz
samba-f1eee655861457174a0382b76e8fd718ae932494.tar.bz2
samba-f1eee655861457174a0382b76e8fd718ae932494.zip
Fixing bad info regarding UNIX file and directory access control.
(This used to be commit df05e818e92c64586b2579c6e46c3a105efa9d56)
Diffstat (limited to 'docs/Samba3-HOWTO')
-rw-r--r--docs/Samba3-HOWTO/TOSHARG-AccessControls.xml37
1 files changed, 12 insertions, 25 deletions
diff --git a/docs/Samba3-HOWTO/TOSHARG-AccessControls.xml b/docs/Samba3-HOWTO/TOSHARG-AccessControls.xml
index 269160456f..4a0f46d6ac 100644
--- a/docs/Samba3-HOWTO/TOSHARG-AccessControls.xml
+++ b/docs/Samba3-HOWTO/TOSHARG-AccessControls.xml
@@ -1556,6 +1556,7 @@ are examples recently taken from the mailing list.
<title>Users Cannot Write to a Public Share</title>
<para>
+ The following complaint has frequently been voiced on the Samba mailing list:
<quote>
We are facing some troubles with file/directory permissions. I can log on the domain as admin user (root),
and there's a public share on which everyone needs to have permission to create/modify files, but only
@@ -1566,7 +1567,7 @@ are examples recently taken from the mailing list.
</para>
<para>
- There are many ways to solve this problem, and here are a few hints:
+ Here is one way the problem can be solved:
</para>
<procedure>
@@ -1581,16 +1582,17 @@ are examples recently taken from the mailing list.
Set the ownership to whatever public user and group you want
<screen>
&prompt;find `directory_name' -type d -exec chown user:group {}\;
-&prompt;find `directory_name' -type d -exec chmod 1775 {}\;
+&prompt;find `directory_name' -type d -exec chmod 2775 {}\;
&prompt;find `directory_name' -type f -exec chmod 0775 {}\;
&prompt;find `directory_name' -type f -exec chown user:group {}\;
</screen>
</para>
<note><para>
- The above will set the <constant>sticky bit</constant> on all directories. Read your
- UNIX/Linux man page on what that does. It causes the OS to assign to all files
- created in the directories the ownership of the directory.
+ The above will set the <constant>SGID bit</constant> on all directories. Read your
+ UNIX/Linux man page on what that does. This ensures that all files and directories
+ that are created in the directory tree will be owned by the current user and will
+ be owned by the group that owns the directory in which it is created.
</para></note>
</step>
<step>
@@ -1613,15 +1615,14 @@ are examples recently taken from the mailing list.
<para>Now type:
<screen>
-&prompt;<userinput>chmod 6775 /foodbar</userinput>
+&prompt;<userinput>chmod 2775 /foodbar</userinput>
&prompt;<userinput>ls -al /foodbar/..</userinput>
</screen>
-
</para>
<para>You should see:
<screen>
-drwsrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar
+drwxrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar
</screen>
</para>
</step>
@@ -1640,30 +1641,16 @@ drwsrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar
You should see that the file <filename>Afile</filename> created by Jill will have ownership
and permissions of Jack, as follows:
<screen>
--rw-r--r-- 1 jack engr 0 2003-02-04 09:57 Afile
+-rw-r--r-- 1 jill engr 0 2007-01-18 19:41 Afile
</screen>
</para>
</step>
<step>
<para>
- Now in your &smb.conf; for the share add:
- <smbconfblock>
-<smbconfoption name="force create mode">0775</smbconfoption>
-<smbconfoption name="force directory mode">6775</smbconfoption>
- </smbconfblock>
- </para>
-
- <note><para>
- These procedures are needed only if your users are not members of the group
- you have used &smbmdash; that is, if within the OS they do not have write permission on the directory.
- </para>
- </note>
-
- <para>
- An alternative is to set in the &smb.conf; entry for the share:
+ If the user that must have write permission in the directory is not a member of the group
+ <emphasis>engr</emphasis> set in the &smb.conf; entry for the share:
<smbconfblock>
-<smbconfoption name="force user">jack</smbconfoption>
<smbconfoption name="force group">engr</smbconfoption>
</smbconfblock>
</para>