Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 02-09-2011, 09:04 AM   #1
Registered: Apr 2006
Location: Athens, Greece
Distribution: slackware, debian, ubuntu
Posts: 648

Rep: Reputation: 38
samba shares and the notion of group of groups

Hello everyone,
this is really a brainstorming thread seeking advise on how to setup some samba shares within a small office network. For the quick judgers:

-no I'm not an IT expect and I'm not even the IT at the office, I just fill in this gap too.
-I have looked into several samba 'by example' tutorials - none seems to fit my needs or answer some of my Qs.

So I seek advise from your experience:

What do I know:
-the functionality of the setgid to have subfolders inherit the group owner of the parent folder
-the fact that I don't want samba in 'share' level in order to register the owners of files
-the functionality of acls that enables inheritance of rwx permissions to subfoldrs of a parent folder.
- the groupmod -o option but that doesn't help apparently.

So this is a 25ppl civil engineer consulting office. The physical groups of ppl working here are: engineers, drafters (those who generate the drawings , i'm not sure if thats the correct term), and secretaries.

The job usually is done in the following way, once a project commences a project folder gets generated and everything is done in there. incoming mail arrives there (secretaries put it there), engineers do they calculations on speadsheets, write reports and do draft drawings and, finally, drafters take the draft drawings and finalize them.
So pretty much everyone of these 3 groups needs write access to the main project folder.

How do I accomplish that? as which group should I create the project folders?
It came to mind the notion of group of groups. Now that the actual owner of the file is not so important anymore (several engineers will need to have write access to the folder) and group becomes important, it would be nice to have the ability to add... groups (instead of users) to groups! so that the permissions to a group are inherited by its children groups...
Does such functionality exist of can it be implemented somehow?

How do I go about giving access to everyone and at the same time, NOT giving up on the 'user' secutiry level of samba (and NOT just giving rwx permission to 'others'?

Is it possible? or Should I instead forget about individuals and match the 'physical groups' to 'linux users' and 'groups of groups' to 'linux groups'? ( This means I should give on ownership of files by individuals )?

Since its a small office some work is mixed - engineers might pickup incoming email, a secretary might do abit of drafting work etcetc.

What do you propose I do?
Thank you for your help.
Old 02-10-2011, 04:39 AM   #2
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 780Reputation: 780Reputation: 780Reputation: 780Reputation: 780Reputation: 780Reputation: 780
Take a look at this link. Specifically, try the write list option which will let you specify which users you want to have write access. The information comes from the Samba documentation here. Samba permissions operate like a hybrid between Windows and Linux, which limits your capability somewhat. You could also specify a "group" with write permissions for certain users and read permissions for others. You could then force this group on the samba share, which I think will also accomplish your goal.
Old 02-10-2011, 07:18 AM   #3
Registered: Apr 2006
Location: Athens, Greece
Distribution: slackware, debian, ubuntu
Posts: 648

Original Poster
Rep: Reputation: 38
Noway2 thank you for the reply, but I'm afraid this doesn't accomplish my goal..
before samba permissions , there are the linux permissions.. and if these are not setup in the way I want its no use setting up samba. (even though this is the way forward in setting up samba)

I'm reading through o'reilly books about administration and found smth that I had thought of but did not want to use as it is not ideal. It seems to be the only way though. It states here that I could be setting up a group for each project. Then any user needing access would be included in the group. But that destroys the notion of the physical groups (engineers, drafters, secretaries) and , most importantly , it requires IT support to have an active role in the creation of new projects as they'll have to setup permissions etcetc. And i wanted to avoid that. [O'Reilly - Essential System Administration 3rd Edition].

So i'm still out there looking, even though I 'm afraid i'll end up storing my files in the public folder in the end...
Old 03-12-2011, 12:39 AM   #4
LQ Newbie
Registered: Oct 2008
Posts: 18

Rep: Reputation: 0
samba read list and write list

I am working for a community where several people are engaged for 4 different development projects. we are planning to have a samba server to store our data.

Now the problem is that I have created a share in which @groupa, @groupb and @groupc are allowed to read and write. But three of the members of @groupb are only allowed to for read permission only.

The share that I have created is as follows

path = /mnt/jonodev
comment =
writeable = yes
browseable = yes
create mode = 755
directory mode = 755
read list =john,lexi,rathi
write list =@groupa,@groupb,@groupc
valid users = @work,@Developer,@support
read only = no

Members in Groups
groupa = shashi, thomas, kiran, mathew, rosh
groupb = rakesh, william, randy, john, lexi, rathi
groupc = simsim, aham, gothik, rama, ruby

all these groups have read/write permission on above share only john, lexi and rathi have read permissions.

I thought adding john, lexi and rathi to read list would restrict them from writing to share but it doesn't happen.

please help as early as possible or guide me to the place where I can find the help for same. As I have tried to find samba forums but wasn't able to find the appropriate.
Old 03-12-2011, 04:50 AM   #5
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 780Reputation: 780Reputation: 780Reputation: 780Reputation: 780Reputation: 780Reputation: 780
First, while I realize that you are posting to a thread that is very similar to your question, it is considered rude to use an old thread to as a new question. Would you please use the report function of your post to send a message to a moderator asking them to move it to its own thread. This will also help your thread get the attention it deserves.

Second, in answer to your question, have you looked into the Linux file/group permissions. My suggestion would be to let Linux handle the permissions and create a Linux, not samba, group, that has group write permissions enabled. Then make the users that you wish to be able to write members of that group.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
samba shares permissions as flexible as 2003server shares? fdelval Linux - Newbie 5 11-23-2010 08:29 AM
invalid group id redhat linux as 5 - all groups in group file are invalid groups nlong1 Red Hat 1 02-15-2009 03:43 AM
Shares and groups nkeever Linux - Newbie 1 05-16-2006 12:39 PM
Linux can mount samba shares but not windows shares bindsocket Linux - Software 1 12-01-2003 05:28 PM
User Group and samba shares Sylhouette Linux - General 0 01-09-2002 03:26 PM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:47 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration