Re: [ILUG] mere samba&access horror
On Wed, Sep 06, 2000 at 11:58:09PM +0200, Deim Agoston wrote:
>
>
> On Tue, 5 Sep 2000, Kent West wrote:
> > I had a similar problem when trying to keep an ACT!2000 database
> > (Access-based, I think) on a Samba server. Whenever one user would
> > access the database, some of the files would revert to his ownership,
> > locking out other users. The solution was to modify smb.conf so that the
> > files always belonged to a specific user/group. I don't have the
> Huh ! How did you do it ?
The trick is to use classic Unix security facilities, not Samba.
First set the GID bit on the directory containing the database, and
set the dir to be owned by some special group:
$ chgrp db-users db-dir
$ chmod g+s db-dir
$ chgrp db-users db-dir/*
Then any new files created in this directory will be owned by group
db-users. Add all users that need write access to the database to
the db-users group. Then set the umask in the relevant section of
smb.conf to 002 (or maybe its create mode - look for 'mode' in the
smb.conf manpage).
If you want non-members of db-users to have read access, set the
directory and files to o=r, otherwise set the db-dir to o=no access.
The only Samba-specific thing about this is the way Samba lets you
have per-directory umasks (well, per-share, actually).
Later,
Kenn
Reply to: