LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 09-11-2016, 07:27 PM   #1
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336

Rep: Reputation: 54
Is there a way to get read/write access to folder as another user without having to chmod 777?


I HATE HATE HATE the linux permission system, it's garbage. But that said..

Is there a way I can gain access to a folder, without having to make it owned as my user or having to chmod it 777?

I have a lot of different file shares throughout my servers. I'm ditching NFS for SMB hoping to gain a bit of security; problem is it's giving me tons of issues with permissions. As an example, I have a folder where it's owned by

user1:user1

My actual account is user2. I'm part of the user1 group, but that does not seem to be enough. Everything is chmodded 775. Yet I still can't create folders or do much. If I chmod everything 777 it works, but that's super dirty.

Is there a way to just make this work properly without everything having to be owned by my user?
 
Old 09-11-2016, 07:33 PM   #2
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,627

Rep: Reputation: 2651
Quote:
I HATE HATE HATE the linux permission system, it's garbage. But that said..
I like it better than the garbage in Windows

set the user and group policies

if for example you have 3 people that need read/write to a folder
make a new "group", add the users to it, and give the group the R/W permission

normally the "user:group" would be "tom:users", "dick:users", "harry:users"

add the person's user name to the "users" group

Last edited by John VV; 09-11-2016 at 07:35 PM.
 
Old 09-11-2016, 07:42 PM   #3
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,661

Rep: Reputation: Disabled
SMB is more secure than NFS? NFSv4 is secure enough to be accessed over internet, how about Samba?
 
Old 09-11-2016, 07:44 PM   #4
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336

Original Poster
Rep: Reputation: 54
Windows' system is way more flexible.

The group thing has never worked properly for me in Linux, as is the example here. Despite being in the same group as the folder I still can't write to it. Here's what the samba share looks like:

Code:
[share]
        comment = desc
        path = /volumes/raid1/share
        writable = yes
        browseable = yes
        guest ok = no
        valid users = user2, user3
        force user = user1
        force group = user1
Everything in that folder is to be owned by user1. I'm user2. Everything chmodded 775.
 
Old 09-11-2016, 07:46 PM   #5
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
SMB was never designed to be exposed to external networks, but NTFS/SMB is quite secure on local networks, and ACL's provide much more permissions granularity than standard linux owg permissions.

For SMB access permissions, keep in mind it's the windows user that controls permissions, not the linux user account.
 
Old 09-11-2016, 07:46 PM   #6
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336

Original Poster
Rep: Reputation: 54
Quote:
Originally Posted by Emerson
SMB is more secure than NFS? NFSv4 is secure enough to be accessed over internet, how about Samba?
NFS relies on user/group IDs and not passwords, which has laughable security. NFSv4 can be set up with Kerberos and all that, but that's a huge pain in the ass to set up and it has to be set up on a per machine basis. I should not need to have a PhD just to share files. And I think it STILL wants the user/group IDs to match on each system. It's ridiculous really.
 
Old 09-11-2016, 07:48 PM   #7
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
SMB was never designed to be exposed to external networks, but NTFS/SMB is quite secure on local networks, and ACL's provide much more permissions granularity than standard linux ugw permissions.

For SMB access permissions, keep in mind it's the windows user that controls permissions, not the linux user account.
 
Old 09-11-2016, 07:55 PM   #8
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336

Original Poster
Rep: Reputation: 54
Wait, I know there are separate SMB users that map to the Unix ones and got that set up, but is there the same for groups? I wonder if I have to create special groups?
 
Old 09-11-2016, 09:23 PM   #9
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336

Original Poster
Rep: Reputation: 54
Decided to take the F it approach. As dirty as it is, I'm just going to make every single one of my share folders owned by myself. My philosophy was that if this was a network with multiple users some of those folders I may want to give more than one user access, but given Linux's archaic file permission system that does not seem to be very easy to do and I'm in reality the only person that needs access so... screw it.

I hear there's an ACL system in Linux, I just wish it was native. Any time I've tried to use it I just get "not supported". Guessing you need to do/install something special for it to work.
 
Old 09-11-2016, 09:52 PM   #10
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336

Original Poster
Rep: Reputation: 54
Bah, ended up just going back to NFS. Realized my whole idea of using Samba was kinda lost if I was forced to make so many changes at the server level permissions. Just going to deal with the stupidity of having to create all users/groups on each machine and having to match the IDs. So basically decided to go back to my old setup.
 
Old 09-11-2016, 09:55 PM   #11
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,661

Rep: Reputation: Disabled
Set up NIS if you do not like matching UID:GID.
 
Old 09-12-2016, 12:48 AM   #12
MadeInGermany
Senior Member
 
Registered: Dec 2011
Location: Simplicity
Posts: 2,806

Rep: Reputation: 1207
The Unix way:
Own the shared directory by a common Unix group, and have 2775 permissions on directories.
To create group-writable files and directories, each user sets umask 002 (during login, e.g. in .profile).
The g+s bit is inherited when a subdirectory is created. Its purpose is to force the common group, even if the user's primary group is different.

Last edited by MadeInGermany; 09-12-2016 at 09:13 PM. Reason: typo
 
2 members found this post helpful.
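
Added example, not part of any post in this thread: the setgid-directory scheme from post #12 built in a throwaway directory, plus a check that lists entries which break it (wrong group, world-writable, not group-writable, or a directory missing g+s). The helper names are hypothetical, the caller's own group stands in for the common group, and GNU stat/find on Linux are assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names and paths are hypothetical.

# make_shared DIR GROUP: hand DIR to the common group with mode 2775 (rwxrwsr-x).
make_shared() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 2775 "$1"
}

# mode_of PATH: octal mode as GNU stat prints it, e.g. 2775.
mode_of() { stat -c '%a' "$1"; }

# audit_shared DIR GROUP: list entries that break the scheme: wrong group,
# world-writable, not group-writable, or a directory missing g+s.
# Symlinks are skipped (their mode bits are not used on Linux).
# Returns 0 if the tree is clean, 1 if anything was listed.
audit_shared() {
    bad=$(find "$1" ! -type l \( ! -group "$2" -o -perm -0002 -o ! -perm -0020 \
            -o \( -type d ! -perm -2000 \) \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# demo: build a throwaway share, write to it with two different umasks,
# then show the resulting modes and what the audit flags.
demo() {
    top=$(mktemp -d) || return 1
    grp=$(id -g)          # caller's own group stands in for the common group
    make_shared "$top/share" "$grp"
    ( umask 002; mkdir "$top/share/sub"; : > "$top/share/sub/ok" )
    ( umask 022; : > "$top/share/sub/forgot-umask" )   # user without umask 002
    for p in share share/sub share/sub/ok share/sub/forgot-umask; do
        printf '%-5s %s\n' "$(mode_of "$top/$p")" "$p"
    done
    echo "audit findings:"
    audit_shared "$top/share" "$grp" || true
    rm -rf "$top"
}

demo
```

The subdirectory picks up 2775 without any chmod because g+s is inherited; the file written under umask 022 ends up 644 and is the only entry the audit reports.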
  

