by "others" I mean the last digit of the permissions number. For example, "770" is owner rwx, group rwx, others ---
What exactly "others" is, I don't really know, that's why I asked. I assume it's all other users that are not the file owner or member of the file group. Another way to ask the question... if you right-click on a file in GNOME, select properties, and click the permissions tab, you'll see the ability to set rwx for Owner, Group, and Others. Why, when setting permissions for this particular type of setup, would I not want "others" to have ZERO access... I'm trying to control access in the Company folder so that there's full access for JUST the file owner or members of the "company" group... no "others".
I ran a test. If user "cynthia" places a file in the company folder, under our current configuration, it's saved with the following attributes:
file owner: cynthia
file group: cynthia
None of which line up with the company folder's intended use:
file owner: whomever places the file in the directory
file group: "company" (a group of which all users are a member"
permissions 770 (owner and group members can do whatever they want with the file, "others" can do nothing)
In other words, if Cynthia places a file in the company folder, other "company" group members can READ the file, but if they open it, change it, then try to save it, they are prompted for a new file name because for them, it's "read only". (Interestingly, they can DELETE it though).
Not the desired effect, which is:
Cynthia places a file in company folder.
-- She is the owner of the file. She should have rwx to the file
-- Members of the "company" user group should also have rwx to the file. The "file group" should be "company".
-- Others that are not logged in, or those that are not the file owner or a member of the "company" user group should not be able to do anything with the file.
So far, it's only because of the samba permissions and the regular file system permissions on the company folder itself that I can limit access to the files. But when users place the files there... its like I said... the file owner/group and permissions on the file are not conducive to full sharing/manipulation of the file by authorized users.
I'm not afraid to edit the samba config file directly, I just don't know how to set up this company share so that it's properly secured.
Thanks for your post!! I do very much appreciate the help. I'm still such a noob...