On Saturday 28 February 2009 21:32:21 Keith Edmunds wrote:
> On Sat, 28 Feb 2009 20:52:16 +0000, xendistar@??? said:
> > My next problem maybe what you touched on in your first post, if the
> > wife adds a file to one of the shares it comes up as owner karen and
> > group karen (where as everything in the shares at the moments is listed
> > as owner mit group users.
>
> It's a common problem, particularly in commercial setups where you may
> want one group to be able to edit files, another to only read them, and
> deny other groups access altogether. The way we deal with that is along
> these lines (note: "+readgroup" means "all members of group 'readgroup'"):
>
> [sharename]
> path = /path/to/share
> force group = nogroup
> force user = nobody
> read only = no
> read list = +readgroup
> write list = +writegroup
> create mask = 0600
> directory mask = 0700
>
> Set the /path/to/share directory owner:group to nobody:nogroup and mode
> 0700. That means that no one has access to the files (it would be more
> secure to create a specific user:group for all Samba files and ensure no
> user is a member of that group). The "force" lines above will mean that
> all files are created nobody:nogroup; the read/write list lines determine
> who has what access to the files. In the above definition, a user who is a
> member of neither readgroup nor writegroup will not have any access to the
> files in that share. If necessary, multiple groups - or even users - can
> be listed on the read/write list lines.
>
> Keith
>
Ok just so I got this straight, the share section of my smb.conf would look like
this:
[sharename]
path = /mnt/sda1/mp3
force group = nogroup
force user = nobody
read only = no
read list = +sambaread
write list = +sambashare
create mask = 0600
directory mask = 0700
I already have a group called sambashare (I thinks its a default group) so I
just need to setup a new group called sambaread. Also I would need to change
all the existing permission on the files\folders in my existing shares to
nobody and nogroup??
Tim
____________________________________________________________
GET FREE 5GB EMAIL - Check out spam free email with many cool features!
Visit
http://www.inbox.com/email to find out more!
