LinuxQuestions.org
Old 01-18-2006, 09:16 PM   #1
Chinook
LQ Newbie
 
Registered: Jan 2006
Posts: 16

Rep: Reputation: 0
permissions - is this the best approach?


I've set up a Linux and Mac Appletalk (netatalk) LAN. On the Linux box (Debian Etch) I have a shared directory for passing files to/from the Linux box, that is accessed from the Mac (while AppleTalk allows a peer-to-peer network model, netatalk only provides for a Mac to "see" a Linux system but the Linux system can't "see" a Mac for file sharing).

As root on the Linux box I created a new user "lanshare" accepting standard permissions for the /home/lanshare directory
owner: rwx group: r-x others: r-x
I also added to the "lanshare" group the other Linux users that I want to be able to use a shared directory.

Then I logged in as "lanshare" and created the folder "public" in /home/lanshare/. For this "public" folder I modified the permissions to
owner: rwx group: rwx others: ---
and I set the sticky bit.

The idea is to allow various users on the Linux box the ability to create and delete their own files in /home/lanshare/public and to read/copy any files therein. The Mac will create and delete files therein as the user "lanshare."

This seems to work as intended, but I'm wondering if such is the best way to handle the setup?

Thank you,
Lee C
 
Old 01-19-2006, 04:05 PM   #2
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 52
Quote:
This seems to work as intended, but I'm wondering if such is the best way to handle the setup?
Yes, but I'd also set the setgid bit on that public directory, and any subdirectories. This means that when one of your users creates a new file or folder it will be owned by the group lanshare, even if that's not their primary group.
 
Old 01-19-2006, 04:47 PM   #3
Chinook
LQ Newbie
 
Registered: Jan 2006
Posts: 16

Original Poster
Rep: Reputation: 0
Thanks for the reply tkedwards,

I also found the following on the Debian list, but I don't understand the solution if it is a problem.

----------------
IIRC, things may become messy, when users start to *copy* files to /home/lanshare/public. Then the sticky bit is not preserved; it works only for files *created* in that directory. It should be noted somewhere in the info pages.

The solution in our case was to export the mount with restrictions, ie.
/etc/exports on the computer with the 'public' fs has a line:

/home/lanshare/public 192.168.0.0/255.255.255.0(anonuid=503,anongid=100,all_squash,rw,sync)

just replace your network and the uid of user lanshare.
--------------------------
 
Old 01-19-2006, 05:38 PM   #4
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 52
Quote:
IIRC, things may become messy, when users start to *copy* files to /home/lanshare/public. Then the sticky bit is not preserved; it works only for files *created* in that directory. It should be noted somewhere in the info pages.
Took me a minute (and a bit of experimentation with test files) to work out what he's saying. What he means is that even with the setgid bit set on the directory (note: not the sticky bit - it's a different thing and it doesn't apply to files anyway) if you copy a file from another directory into the public directory it will not automatically get the group ownership of 'lanshare'.

So for eg. if you do touch /home/lanshare/public/testfile1 you will see that testfile1 has group ownership of lanshare, which is what you want. Now do touch /any/other/directory/testfile2 and cp /any/other/directory/testfile2 /home/lanshare/public/. You'll see that testfile2 still has group ownership of whatever your primary group is for your username - ie. the setgid bit has had no effect on it because it wasn't created in that /home/lanshare/public directory.
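
Added example, not part of any post in this thread: a shell check for the condition the thread is concerned with, namely entries in the shared directory that do not carry the directory's group, together with subdirectories lacking the setgid bit and entries the group cannot read. The names audit_share and demo, the finding labels and the sample tree are constructed for this example; it assumes GNU/Linux find and stat.

```sh
#!/bin/sh
# Added example: audit a group-shared directory such as /home/lanshare/public.
# audit_share, demo and the finding labels are names made up for this example.
# Assumes GNU/Linux find and stat; file names containing newlines are not handled.

audit_share() {
    share=$1
    [ -d "$share" ] || { echo "not a directory: $share" >&2; return 2; }
    # Numeric gid of the share itself; every entry inside should carry it.
    gid=$(stat -c %g "$share") || return 2
    findings=$(
        # Entries whose group is not the share's group.
        find "$share" -mindepth 1 ! -gid "$gid" | sed 's/^/WRONG-GROUP /'
        # Directories (the share included) without the setgid bit, so files
        # created in them take the creator's primary group instead.
        find "$share" -type d ! -perm -2000 | sed 's/^/NO-SETGID /'
        # Entries the group cannot read, whatever group they belong to.
        find "$share" -mindepth 1 ! -perm -040 | sed 's/^/NO-GROUP-READ /'
    )
    # Exit status: 0 = clean, 1 = findings printed, 2 = could not audit.
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree: a setgid share holding one subdirectory with the
# setgid bit cleared and one file that only its owner can read.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/public" && chmod 2770 "$d/public"
    # chmod g-s is needed: GNU chmod keeps setgid on directories for plain 770.
    mkdir "$d/public/sub" && chmod 770 "$d/public/sub" && chmod g-s "$d/public/sub"
    : > "$d/public/ok" && chmod 660 "$d/public/ok"
    : > "$d/public/private" && chmod 600 "$d/public/private"
    # Strip the temporary prefix so the report shows paths relative to it.
    audit_share "$d/public" | sed "s|$d/||"
    rm -rf "$d"
}

# Audit the directory given on the command line, or run the demo without one.
if [ "$#" -gt 0 ]; then audit_share "$1"; else demo; fi
```

Run it as any member of the share's group, for example with /home/lanshare/public as the argument; a non-zero exit status makes it usable from cron to catch entries that need chgrp or chmod g+s.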
 
  

