Sambafilter
February 13, 2008 6:16 AM Subscribe
Issue with Samba (on Ubuntu) file sharing and ownership of files. How do I set it so the ordinary user will not take ownership when saving over a file? (more details inside)
Environment: about 20 windows client computers connecting to an Ubuntu Samba server. The Ubuntu box is mainly administered through Webmin and users are added with the “users and groups” module in webmin and when users are created in there, they are also created in the Samba users module.
Backups are made on one of the workstations with Acronis True Image Workstation to an external hard drive.
Problem: As users open files and save them, they take ownership of them, thus locking out other users from changing and saving the documents because they do not own them.
Where do I set security up to avoid this from happening? Is the file security stored on the individual files (thus having to run chmod or chown) or in Samba?
I guess I need to create groups and give the group ownership of the files so that everyone in the group (practically all clients) can access/change/delete files at will. There will also be 1 or 2 superusers running backups or doing administration activities. How do I give them access without allowing them to take ownership of the files and lock everyone else out?
Environment: about 20 windows client computers connecting to an Ubuntu Samba server. The Ubuntu box is mainly administered through Webmin and users are added with the “users and groups” module in webmin and when users are created in there, they are also created in the Samba users module.
Backups are made on one of the workstations with Acronis True Image Workstation to an external hard drive.
Problem: As users open files and save them, they take ownership of them, thus locking out other users from changing and saving the documents because they do not own them.
Where do I set security up to avoid this from happening? Is the file security stored on the individual files (thus having to run chmod or chown) or in Samba?
I guess I need to create groups and give the group ownership of the files so that everyone in the group (practically all clients) can access/change/delete files at will. There will also be 1 or 2 superusers running backups or doing administration activities. How do I give them access without allowing them to take ownership of the files and lock everyone else out?
This thread is closed to new comments.
The security is the most restrictive of the share, the folder, and the individual files.
[sharedfolder]
path = /home/sharedfolder
valid users = @"myspecialusers"
force user = adminuser1
force group = "myspecialusers"
browseable = yes
writeable = yes
create mode = 0660
directory mode = 0770
This means all new files created will be owned by "adminuser1", with group "myspecialusers". All members of the group will have read and write access to files, and read,write,execute for sub-folders. The adminuser1 is arbitrary; it just needs to exist. Also, your members need to be in "myspecialusers".
Also, you'll want to
chown -R admin1:myspecialusers /home/sharedfolder
You'll also want to chmod 660 the existing files, and chmod 770 the directories. For simplicity, you could get away with just:
chmod -R 770 /home/sharedfolder
Or just create the share from scratch, and copy the old files in via the samba share.
If you need extra individual users to get read access, without giving them write access, use this format:
[opensharedfolder]
path = /home/sharedfolder
valid users = backupuser1, backupuser2, @"myspecialusers"
force user = adminuser1
force group = "myspecialusers"
browseable = yes
writeable = yes
create mode = 0664
directory mode = 0775
and chmod the old files 664 and 775 respectively. i.e. use
chmod -R 775 /home/sharedfolder
This is less secure (anyone not a member of "myspecialusers" with a shell account will have read access), but I suspect that wouldn't be an issue.
posted by ArkhanJG at 9:10 AM on February 13, 2008 [2 favorites]