Slackware Samba Server + Windows Network Permissions Issues
Hello all! Been a while since I've posted here, but I figured where better to go with a question like this?
Anyhow, please excuse my thread if it turns out to be a duplicate, I only searched briefly on the topic. My current situation is this: I have an HP server running Slackware 12.1 dedicated to only file serving at the moment. All machines on my small network (only 1 8-port switch so far) have access, with the right user credentials. Connectivity and file sharing with the windows boxes is done by Samba, and it works out pretty well. The problem is, anytime one user creates a new directory in the Samba share, all other users are prevented write access to the directory until I go and manually reset the permissions on the server, even if they're part of the same group as the creator. Since the network is small and we don't have a large number of folks accessing the share, I generally leave the permissions set to 755. I'm guessing that maybe there's a config option in Samba that could fix this by giving new default permissions for file creation, but it lead me to a bigger question. For flexibility as the company (hopefully) grows, would it be better now to implement some sort of LDAP to aid in keeping windows user/group permissions in line with the samba permissions? Or, if I can change the default mask in samba, would that be easier to do given that I may need to expand the network to more than just two groups later? As it stands now I'm pretty unclear on what software could accomplish what I'm looking for: For users of the same group on the windows network, file sharing with default permissions to allow the group to access whatever files or directories are created, and the ability to separate users' and groups' access to the different shares on the samba server. It's very possible that the problem here has something to do with the windows boxes on the network, but I'm taking a stab in the dark here hoping that one of you will have some insight to help me plan this thing out. I look forward to your responses. Thanks! |
If I am understanding you correctly, you may need to force perms on the directory / file. So, maybe something like:
Code:
comment = Your office Share |
The shares are workgroup based. I only have one workgroup with one samba server. The config options you mentioned above, are those for the smb.conf? I might give that a go. What would I use LDAP for? I mean I've heard a few people suggest it but I've never used it and don't really know what sort of benefit it might have for all the work.
|
LDAP could force some defaults on some share locations, bookmarks, workspace settings, etc..
Yeah, the above would typically be found at the tail of a tthe smb.conf. I think whats important to consider is that what I posted is a example. Your only going to need to add create mask = 0660 directory mode = 0660 force group = samba_wrkgrp Any ways, let me know how it plays out. The above is just going to create and enforce permissions for read write only with out any execute bit set. It should work as long as every one that tries to modify the file is a member of samba_wrkgrp. Now, you can create any group you want, I only use samba_wrkgrp for reference. Hope this helps! |
Ok, I'll give it a go this afternoon. The samba_wrkgrp you mentioned in a linux GID right? Thus, the machine accounts that are being used for credentials are the ones that will have to belong to that group?
|
Quote:
For simple workgroup level stuff on a very small network, I would just let users know where to place uploaded files that should be available for modification by everyone. Going back to your first question: the group can be any name you decied on. It will be just that, a group, not so much a "machine" account. Hope this has helped. |
All times are GMT -5. The time now is 12:08 AM. |