Hi there,
Utter confusion reigns !
Just some background first. Here is the ls -l output from the directory that I am sharing from my Samba server :
Code:
$ ls -al
drwxrwx--- 2 root share 4096 2009-10-21 13:06 share
Note 770 permissions on the share directory.
The relevant part of the smb.conf file :
Code:
[linux-share]
path= /home/share
read only = no
force group = share
create mask = 0770
force create mode = 0770
So any file created has 770 permissions and group owner is "share"
I have three samba accounts on the Samba server, myself (who is a member of the "share" group) , harry and max. Both max and harry are just ordinary users who have no login shell on the server, do not belong to any other groups and just have a samba login to upload files. Importantly, they are NOT in the share group.
The confusion arise when max and harry upload files.
(a) If the share directory is 770 owner root, group share, then why are they allowed to upload files? They are not in the group "share" and "other" does not have rwx permissions ???
(b) OK, so they can upload files and the files have 770 permissions as it states in the smb.conf, with owner being whoever uploaded the file and group being share. Below harry uploaded test.file. Here is the ls -l output :
Code:
[user@Linux /home]$ cd share
[user@Linux /home/share]$ ls -l
total *****
-rwxrwx--- 1 harry share 19 2009-10-21 13:27 test.file
[user@Linux /home/share]$
The file has inherited user( harry) ownership and group "share" as expected. The second problem is that when max logs into the share he can delete this file. How is this possible since he is not the owner of the file nor member of the "share" group ; /home/share (permissions 770) is owned by root and group owner is "share" and both max and harry do not belong to this group ?????
What I would eventually like is for both max and harry to be able to upload files but not read or delete each others files. The only person who should be able to read / write and delete other users' file is the person who belongs to group "share" i.e. me. I may have misunderstood permissions or have put the wrong permissions on the /home/share directory. A solution to this confusion would be highly appreciated !
cheers
C