Re: [Hampshire] Samba permission problem - this time correct…

Author: Keith Edmunds
Date:  
To: hampshire
Subject: Re: [Hampshire] Samba permission problem - this time corrected
On Sat, 28 Feb 2009 20:52:16 +0000, xendistar@??? said:

> My next problem may be what you touched on in your first post, if the
> wife adds a file to one of the shares it comes up as owner karen and
> group karen (whereas everything in the shares at the moment is listed
> as owner mit group users).


It's a common problem, particularly in commercial setups where you may
want one group to be able to edit files, another to only read them, and
deny other groups access altogether. The way we deal with that is along
these lines (note: "+readgroup" means "all members of group 'readgroup'"):

[sharename]
    path = /path/to/share
    force group = nogroup
    force user = nobody
    read only = no
    read list = +readgroup
    write list = +writegroup
    create mask = 0600
    directory mask = 0700


Set the /path/to/share directory owner:group to nobody:nogroup and mode
0700. That means that no one has access to the files (it would be more
secure to create a specific user:group for all Samba files and ensure no
user is a member of that group). The "force" lines above will mean that
all files are created nobody:nogroup; the read/write list lines determine
who has what access to the files. In the above definition, a user who is a
member of neither readgroup nor writegroup will not have any access to the
files in that share. If necessary, multiple groups - or even users - can
be listed on the read/write list lines.

Keith

--
Keith Edmunds

+-------------------------------------------------------------------------+
|    Tiger Computing Ltd    |  Helping businesses make the most of Linux  |
|  "The Linux Specialists"  |       http://www.tiger-computing.co.uk      |
+-------------------------------------------------------------------------+
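
An added example, not part of the message above: a small Python audit that checks a share against the pattern the message describes (forced owner and group, masks with no group/other bits, share root owned by the forced account with mode 0700). The function names are hypothetical, the sample text is constructed from the message's share definition, and the fallback mask values are Samba's documented defaults.

```python
import grp, os, pwd, stat

# Constructed sample: the share definition from the message (placeholder path).
SAMPLE = """\
[sharename]
    path = /path/to/share
    force group = nogroup
    force user = nobody
    create mask = 0600
    directory mask = 0700
"""
# Samba's built-in defaults, used when a share does not set the mask itself.
MASK_DEFAULTS = {"create mask": "0744", "directory mask": "0755"}

def parse_share(text, share):
    """Return one [share] section's parameters as a dict with lower-case keys."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == share.lower() and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit_config(params):
    """Check the forced owner and the masks; return a list of problems."""
    problems = [f"{k} is not set" for k in ("force user", "force group") if not params.get(k)]
    for key, default in MASK_DEFAULTS.items():
        if int(params.get(key, default), 8) & 0o077:
            problems.append(f"{key} leaves group/other permission bits on")
    return problems

def audit_directory(path, uid, gid):
    """Check that the share root is owned by uid:gid and is mode 0700."""
    st = os.stat(path)
    problems = []
    if (st.st_uid, st.st_gid) != (uid, gid):
        problems.append(f"{path} is owned by {st.st_uid}:{st.st_gid}, expected {uid}:{gid}")
    if stat.S_IMODE(st.st_mode) != 0o700:
        problems.append(f"{path} has mode {stat.S_IMODE(st.st_mode):04o}, expected 0700")
    return problems

def audit_share(params):
    # Full audit: resolve the forced account names, then check config and disk.
    uid = pwd.getpwnam(params["force user"]).pw_uid
    gid = grp.getgrnam(params["force group"]).gr_gid
    return audit_config(params) + audit_directory(params["path"], uid, gid)
```

`audit_share` needs the forced user and group to exist on the host and the share path to be readable by the account running the check; an empty list means the share matches the pattern.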