author | John Terpstra <jht@samba.org> | 2007-01-19 01:47:37 +0000 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:47:24 -0500 |
commit | f1eee655861457174a0382b76e8fd718ae932494 (patch) | |
tree | 7f9d8058bf2da158de37e7618bfea94276fb3093 /docs/Samba3-HOWTO | |
parent | 8b3039aa32fb6fcbdb69c80d36b60de9c89571fe (diff) | |
Fixing bad info regarding UNIX file and directory access control.
(This used to be commit df05e818e92c64586b2579c6e46c3a105efa9d56)
Diffstat (limited to 'docs/Samba3-HOWTO')
-rw-r--r-- | docs/Samba3-HOWTO/TOSHARG-AccessControls.xml | 37 |
1 files changed, 12 insertions, 25 deletions
diff --git a/docs/Samba3-HOWTO/TOSHARG-AccessControls.xml b/docs/Samba3-HOWTO/TOSHARG-AccessControls.xml index 269160456f..4a0f46d6ac 100644 --- a/docs/Samba3-HOWTO/TOSHARG-AccessControls.xml +++ b/docs/Samba3-HOWTO/TOSHARG-AccessControls.xml @@ -1556,6 +1556,7 @@ are examples recently taken from the mailing list. <title>Users Cannot Write to a Public Share</title> <para> + The following complaint has frequently been voiced on the Samba mailing list: <quote> We are facing some troubles with file/directory permissions. I can log on the domain as admin user (root), and there's a public share on which everyone needs to have permission to create/modify files, but only @@ -1566,7 +1567,7 @@ are examples recently taken from the mailing list. </para> <para> - There are many ways to solve this problem, and here are a few hints: + Here is one way the problem can be solved: </para> <procedure> @@ -1581,16 +1582,17 @@ are examples recently taken from the mailing list. Set the ownership to whatever public user and group you want <screen> &prompt;find `directory_name' -type d -exec chown user:group {}\; -&prompt;find `directory_name' -type d -exec chmod 1775 {}\; +&prompt;find `directory_name' -type d -exec chmod 2775 {}\; &prompt;find `directory_name' -type f -exec chmod 0775 {}\; &prompt;find `directory_name' -type f -exec chown user:group {}\; </screen> </para> <note><para> - The above will set the <constant>sticky bit</constant> on all directories. Read your - UNIX/Linux man page on what that does. It causes the OS to assign to all files - created in the directories the ownership of the directory. + The above will set the <constant>SGID bit</constant> on all directories. Read your + UNIX/Linux man page on what that does. This ensures that all files and directories + that are created in the directory tree will be owned by the current user and will + be owned by the group that owns the directory in which it is created. </para></note> </step> <step> 
@@ -1613,15 +1615,14 @@ are examples recently taken from the mailing list. <para>Now type: <screen> -&prompt;<userinput>chmod 6775 /foodbar</userinput> +&prompt;<userinput>chmod 2775 /foodbar</userinput> &prompt;<userinput>ls -al /foodbar/..</userinput> </screen> - </para> <para>You should see: <screen> -drwsrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar +drwxrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar </screen> </para> </step> @@ -1640,30 +1641,16 @@ drwsrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar You should see that the file <filename>Afile</filename> created by Jill will have ownership and permissions of Jack, as follows: <screen> --rw-r--r-- 1 jack engr 0 2003-02-04 09:57 Afile +-rw-r--r-- 1 jill engr 0 2007-01-18 19:41 Afile </screen> </para> </step> <step> <para> - Now in your &smb.conf; for the share add: - <smbconfblock> -<smbconfoption name="force create mode">0775</smbconfoption> -<smbconfoption name="force directory mode">6775</smbconfoption> - </smbconfblock> - </para> - - <note><para> - These procedures are needed only if your users are not members of the group - you have used &smbmdash; that is, if within the OS they do not have write permission on the directory. - </para> - </note> - - <para> - An alternative is to set in the &smb.conf; entry for the share: + If the user that must have write permission in the directory is not a member of the group + <emphasis>engr</emphasis> set in the &smb.conf; entry for the share: <smbconfblock> -<smbconfoption name="force user">jack</smbconfoption> <smbconfoption name="force group">engr</smbconfoption> </smbconfblock> </para> |
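Review bot: In the hunk at @@ -1581,16 +1582,17, the new `-exec chmod 2775 {}\;` line keeps `{}\;` with no space between `{}` and `\;`, and so do the three unchanged find lines around it. After the shell removes the backslash, find receives `{};` as a single argument and never sees a separate `;` to terminate the -exec expression, so the commands do not run as written; they should read `{} \;`. While this block is being touched, the unchanged `-type f -exec chmod 0775` line marks every regular file in the share executable; 0664 would grant the same owner and group write access without that.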
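Review bot: In the hunk at @@ -1613,15 +1615,14, the `</para>` that followed `</screen>` is removed with nothing replacing it, so `<para>Now type:` is still open when `<para>You should see:` begins. From the visible lines only one `</para>` remains before `</step>`, which leaves the element unbalanced (and DocBook does not allow a para directly inside a para). Please restore the closing tag or check that the file still validates.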
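Review bot: In the hunk at @@ -1640,30 +1641,16, the unchanged lead-in still says the file created by Jill "will have ownership and permissions of Jack", but the corrected listing now shows `jill engr` as owner and group. The sentence should be reworded to match the SGID behaviour the commit documents, for example that the file is owned by jill and carries the directory's group engr. In the final step of the same hunk, the new sentence needs a comma after `<emphasis>engr</emphasis>` so that "set in the &smb.conf; entry" reads as the instruction rather than as a description of the group.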