summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/security/forcegroup.xml
blob: 2d8f5790d8dd147d25027e884c9e7a9d5d217370 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<samba:parameter name="force group"
                 context="S"
				 type="string"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<synonym>group</synonym>
<description>
    <para>This specifies a UNIX group name that will be 
    assigned as the default primary group for all users connecting 
    to this service. This is useful for sharing files by ensuring 
    that all access to files on service will use the named group for 
    their permissions checking. Thus, by assigning permissions for this 
    group to the files and directories within this service the Samba 
    administrator can restrict or allow sharing of these files.</para>

    <para>In Samba 2.0.5 and above this parameter has extended 
    functionality in the following way. If the group name listed here 
    has a '+' character prepended to it then the current user accessing 
    the share only has the primary group default assigned to this group 
    if they are already assigned as a member of that group. This allows 
    an administrator to decide that only users who are already in a 
    particular group will create files with group ownership set to that 
    group. This gives a finer granularity of ownership assignment. For 
    example, the setting <filename moreinfo="none">force group = +sys</filename> means 
    that only users who are already in group sys will have their default
    primary group assigned to sys when accessing this Samba share. All
    other users will retain their ordinary primary group.</para>

    <para>If the <link linkend="FORCEUSER"><parameter moreinfo="none">force user</parameter>
    </link> parameter is also set the group specified in 
    <parameter moreinfo="none">force group</parameter> will override the primary group
    set in <parameter moreinfo="none">force user</parameter>.</para>

</description>

<related>force user</related>

<value type="default"/>
<value type="example">agroup</value>
</samba:parameter>