Enforce user and group ownership in subdirectories of a Samba share
I have a Samba share, AcctUsers, set up for our Accounting Users. Under the share, each user has their own directory. I have given some users access to each other's directories so they can access each other's files. When a user creates a new file in another user's directory, the file is owned by the creating user instead of the directory owner, and the directory owner cannot access the file. Ex. User2 creates a file in User1's directory; the file owner is User2 and User1 cannot access the file. I would like new files to be owned by the directory owner, no matter who has created the files.

I used SETFACL to set access permissions. I have set the SUID on the directories, set CREATE MASK, DIRECTORY MASK, FORCE CREATE MODE, FORCE DIRECTORY MODE, FORCE SECURITY MODE, FORCE DIRECTORY SECURITY MODE, and nothing enforces file ownership. I have tested the Samba FORCE USER on a share and it will enforce ownership, but this is on the share itself. I need the directories beneath the share to enforce individual ownership. In essence, I have set the user and group ownership on individual directories and need to enforce it while using Samba.

I can recreate each user directory as a share, but this is not efficient. Shares with user directories beneath is a typical Windows configuration and is what I am familiar with. Is this not the preferred way of doing things in Samba? Thank you for your help. Here is my smb.conf.
[global]
workgroup = MYDOMAIN
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
idmap gid = 10000-20000
idmap uid = 10000-20000
realm = MYDOMAIN.LOCAL
security = domain
template homedir = /home/%D/%U
template shell = /bin/bash
local master = no
preferred master = no
winbind refresh tickets = yes
domain logons = No
domain master = No
password server = *
wins support = No
wins proxy = no
wins server = dc1.MYDOMAIN.local
remote announce = dc1.MYDOMAIN.local/MYDOMAIN
netbios name = FILESVR
[AcctUsers]
comment = Accounting Users
admin users = @"MYDOMAIN\Domain Admins" @"MYDOMAIN\AcctAdmins"
path = /shares/AcctDept/Users
read only = no
browseable = yes
write list = @"MYDOMAIN\AcctUsers"
create mask = 771
directory mask = 771
inherit permissions = yes
inherit acls = yes
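The drift described in the question (a file created by User2 that ends up owned by User2 inside User1's directory) can be detected, and if wanted corrected, outside Samba, for example from cron or a per-share root postexec hook. The script below is an added example, not code from the original post; it assumes the layout /shares/AcctDept/Users/<user>/... from the smb.conf and that the top-level user directories already carry the intended owner.

```python
#!/usr/bin/env python3
"""Audit a Samba share laid out as <share>/<user>/... and report (or, with
--fix, repair) entries not owned by the user directory they live in."""
import os
import sys

# Filesystem adapters; the functions below take them as parameters so the
# logic can be exercised on a constructed tree without root privileges.
def fs_owner(path):
    st = os.lstat(path)                      # lstat: never follow symlinks
    return (st.st_uid, st.st_gid)

def fs_children(path):
    # Symlinked directories are not descended into, so a user cannot point
    # the audit (and a later chown) at something outside their own tree.
    if os.path.islink(path) or not os.path.isdir(path):
        return []
    return sorted(os.listdir(path))

def find_mismatches(root, owner_of=fs_owner, children_of=fs_children):
    """Return {path: (actual, expected)} for every entry below a top-level
    user directory whose (uid, gid) differs from that directory's owner."""
    bad = {}
    for user in children_of(root):
        top = os.path.join(root, user)
        want = owner_of(top)                 # the user directory sets the rule
        stack = [top]
        while stack:
            cur = stack.pop()
            for name in children_of(cur):
                path = os.path.join(cur, name)
                have = owner_of(path)
                if have != want:
                    bad[path] = (have, want)
                stack.append(path)           # children_of() is [] for files
    return bad

def repair(mismatches, chown=os.lchown):
    """chown every mismatched entry to its expected owner; returns the count."""
    for path, (_have, (uid, gid)) in sorted(mismatches.items()):
        chown(path, uid, gid)                # lchown: symlinks themselves only
    return len(mismatches)

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: audit_share_owners.py SHARE_ROOT [--fix]")
    found = find_mismatches(sys.argv[1])
    for path, (have, want) in sorted(found.items()):
        print(f"{path}: owned by {have}, expected {want}")
    if "--fix" in sys.argv[2:]:
        print(f"repaired {repair(found)} entries")
```

Run it read-only first (without --fix) as root against the share root; with --fix every mismatched file and subdirectory is handed to the owner of the user directory it sits in.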