eh... so lemme get this straight... I'm going to make a group, and im gonna put all of these users in this group. then, im gonna make this group part of root. after that, i'm going to give them each 500 since that means they can read their folder, the rest of that group can't read it, and the world can't read it... correct? and since they will be in a root group.. uh... why do they need to be in the root group?

Justin,
I think what Matir means is the following: (as root do)

Change access perms on home dirs:
chmod -R 750 /home/*

Change ownership on home dirs:
chown -R root /home/*

Create group for users accessing your DEBIAN server:
groupadd <new-group-name>

Change group ownership on all home dirs:
chgrp -R <new-group-name> /home/*

Add each of your users to this new group:
usermod -G <new-group-name> each-user

If you're also using Samba, you can make the share read-only while also specifying a write list, a list of users (namely you) who have permissions to write to the folder) (read only = yes ; write list = justin).

If you wish to upload file to user directories, you can use smbfs/smb.mount and mount these under /mnt (rather than your home dir). (Alternatively, you could use rsync or sftp to upload files.)

mkdir /mnt/each-user-name

mount -t smbfs -o username=your-username //DEBIAN/name-of-user /mnt/name-of-user

So, if you have a user "ted" with a home dir of /home/ted on DEBIAN, and your group name is "untrust" on DEBIAN,

you'd (as root)

On DEBIAN:
chmod -R 750 /home/ted
chown -R root /home/ted
groupadd untrust
chgrp -R untrust /home/*
usermod -G untrust ted

On Ubuntu:
mkdir /mnt/ted
mount -t smbfs -o username=justin //DEBIAN/ted /mnt/ted

As I said above, if the Samba thing is a mystery to you, just use rsync or sftp to upload files to individual user home directories.

Scott

okay, i've done everything you said, but yet i still have no permissions on my ubuntu computer to add things to his folder. and at first, his folder was an unknown file type. Oh, and also, my smb.conf files don't have either of those options. am i supposed to add them?

Ok, you need to connect to the samba share as root in order to place things in their directories. And to keep them from reading each others files, you need to set them up each in their own group (some distros do this by default) and make the group for their homedir that group.

I did this to mount the shares:

sudo mount -t smbfs -o username=justin //DEBIAN/travis /mnt/travis

And i thought i was supposed to put all of the users in one group?

Hi Justin,
Hmmm... Matir is right: if you add all users to one group, and set homedirs to that same group, users will be able to wander into and read each other's home directories, even though they won't be able to write anything. If you don't want them wandering/reading, you'll need to put each in their own group and change the group ownsership on their home dir to their group. For ex.,

chown -R justin.ted /home/ted

Would make you owner and the group "ted" group-owner of ted's home dir. Before you could do this, of course, you'd have to create the group "ted" with groupadd. Your distro may already have done this for the groups. Check the group owners with ls -l /home

Also another correction to my earlier post. Don't change ownership of DEBIAN home dirs to *root*; instead change it to *justin*.

Then, when you connect as justin using Samba, you'll automatically have write permissions. You might need "create mask = 750" and "directory mask = 750" in the smb.conf share definition to prevent files written by samba from having higher permissions.

Scott

Ah, yes, I didn't even think about making the dirs owned by another user. Good call. Then you'd need to add 'justin' to all the user groups. Also, you want to set the setgid bit on each directory to make sure that any files you place there receive the right group permissions.

would i strip the user's permission to write by this

chmod -R 550 /home/ted

and still, as the justin user, be able to go in there with samba and write to their home folder?

the reason i would think of giving them this number is so they can only read and execute, and so others cant see the content of their folder?

"Also, you want to set the setgid bit on each directory to make sure that any files you place there receive the right group permissions."

doesn't -R in the chmod and chown commands already do that?

No, you'd need to use '750' and set the owner to justin.
No, -R just makes the command recursive (on the named item and all files and directories within it).

So, in summary, the following should work for a user ted (execute all as root):

"chmod -R 2750 /home/ted"

don't you mean chmod -R '750' /home/ted..? i dont mean to second guess you but i thought it was only 3 digits...

Nope, the 2 sets the setgid bit, so whenever you place files there the files will be owned by the user's group. A more specific way of setting permissions would be:
This will remove the setgid and exec permissions from all non-directories.

so i did a test by mounting //debian/ted to my /home/justin/debian folder, i signed in as justin when mounting, and I could both drag, and drop files, but when i signed in as ted, i could do neither... i want them to atleast get files from their folder and drop them onto their computer.. was there something i might have done wrong? i know that he is in his own group.. but here is the result of ls -l /home (ted is the only one im testing on at the moment)

total 68
drwxr-s--- 3 justin ted 4096 2006-07-27 20:16 ted
drwxr-xr-x 3 justin justin 4096 2006-07-27 14:33 justin
drwxr-xr-x 2 root root 49152 2006-07-27 13:08 lost+found
drwxr-xr-x 2 ninjamasterbobby ninjamasterbobby 4096 2006-07-27 13:34 ninjamasterbobby
drwxr-xr-x 2 novik novik 4096 2006-07-27 19:10 novik
drwxr-xr-x 2 travis travis 4096 2006-07-27 14:34 travis

this is after i did this, in this order:

chown -R justin.ted /home/ted
chmod -R 2750 /home/ted

maybe it was because i did that step ^ backwards i am not able to do anything as the user ted?

You should check the permissions on the files you attempted to drag and drop as the user ted. Perhaps these were created before you set the sticky bit and so did not have ted's group associated with them. In this case, ted would have no access to them.

ls -l /home/ted

will list perms on all files in ted's homedir.

Just to be sure, you might also check ted's in his own group:

groups ted

will do this.

groups ted gave me this:

I'm guessing that means he's in his own group?

and ls -l /home/ted gave me the file and it's permissions

but yet I'm still unable, as ted, to recieve the files from the /home/ted folder

The reason ted can't access the file is that it is owned by user justin and group justin. The read out from ls, "justin justin", tell us this. It should instead read "justin ted" signifying owner justin and group ted.

As justin or root do:

chgrp -R ted /home/ted/*

This will change everything in /home/ted to group ted.

Then to check again,

ls -l /home/ted

The directory /home/ted is already set to group ted as we saw previously, so this last change should fix everything.

Scott