You can control the group for files and directories in a few different ways.
- Set the SETGID bit for the directory
- Primary group of user creating the files
- Use "chown" after the files or directories are created
If you set the group for a directory and also set the SETGID bit then all directories and files created in that directory will inherit the group. Directories will also inherit the SETGID bit.
For example, to make a directory called "mp3s" assign the group "music" to any new directories or files you can do this.
chown :music /mp3s
chmod g+s /mp3s
That does not change the group or permissions of any existing directories or files, only new ones that are created.
The permissions for the group are NOT inherited and those depend on the "umask" setting for the account creating the files. The default for group permissions is usually "rx".
When the SETGID bit is not set for a directory, then the group is set to the primary group for the account creating the files.
You can use "chown" to set the group of directories and files. You either have to be root, or you have to both own the directories/files and belong to the group being set.
You can't set the group of files that you don't own. You can't set a file to a group unless you also belong to that group. Of course the root account has neither of those restrictions.
To give users access to the files, you can make those users members of the group. It does not have to be their primary group.
You can also make ALL users accessing a SAMBA share temporarily be members of a group using this option.
FORCE GROUP = +groupname
The "+" is really only important if users can create files. Adding "+" means that the user's primary group will not be set to "groupname" unless they also belong to "groupname". All users will temporarily belong to "groupname" when accessing files through the share. Only users permanently in that group can create files owned by the group. Without the "+" any files created by any users will be owned by the group.
If you are going to use "FORCE GROUP" then I recommend not using "groupname" for anything else except access to the files. It's usually better to just add users to the group in the normal way instead of using "FORCE GROUP" in "smb.conf".
I generally try to use each group name for only one specific purpose and then add users to the groups as necessary. I use the SETGID bit when I want to force group ownership since a user can only belong to one primary group. The SETGID bit works with all the groups even if the user creating the file doesn't belong to the group.