fishface
07-13-2006, 04:04 PM
I'm having permissions problems with a Samba share with regards to group access.
I use SWAT to configure.
The directory PDG permissions are set to rwxrwr the group wwmat having rw permissions, owner having rwx, rest read only - all works when using Linux.
Here is a snippet of my smb.conf
[global]
workgroup = MYDOMAIN
security = DOMAIN
map to guest = Bad User
passdb backend = smbpasswd:/etc/samba/smbpasswd
username map = /etc/samba/smbusers
printcap cache time = 750
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
local master = No
ldap suffix = dc=example,dc=com
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
printer admin = @ntadmin, root, administrator
cups options = raw
[pdg]
path = /server/myserver/pdg
force group = pdg
read only = No
create mask = 0664
Browsing is enabled
The problem is this, the only way I can get a user who is in the pdg group to read and write to this share is to set it to 'read only = no', which is not ideal as lots of other users can then have rw access. I would like the share to be able to be read by anybody but only rw by the pdg group. I cannot see what I'm doing wrong, I've thought the 'force group' option a mask of 664 should work - I'm obviously doing something wrong! :confused:
I use SWAT to configure.
The directory PDG permissions are set to rwxrwr the group wwmat having rw permissions, owner having rwx, rest read only - all works when using Linux.
Here is a snippet of my smb.conf
[global]
workgroup = MYDOMAIN
security = DOMAIN
map to guest = Bad User
passdb backend = smbpasswd:/etc/samba/smbpasswd
username map = /etc/samba/smbusers
printcap cache time = 750
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
local master = No
ldap suffix = dc=example,dc=com
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
printer admin = @ntadmin, root, administrator
cups options = raw
[pdg]
path = /server/myserver/pdg
force group = pdg
read only = No
create mask = 0664
Browsing is enabled
The problem is this, the only way I can get a user who is in the pdg group to read and write to this share is to set it to 'read only = no', which is not ideal as lots of other users can then have rw access. I would like the share to be able to be read by anybody but only rw by the pdg group. I cannot see what I'm doing wrong, I've thought the 'force group' option a mask of 664 should work - I'm obviously doing something wrong! :confused: