http://ask.metafilter.com/83537/Sambafilter/ Comments on Ask MetaFilter post Sambafilter Wed, 13 Feb 2008 09:10:13 -0800 Wed, 13 Feb 2008 09:10:13 -0800 en-us http://blogs.law.harvard.edu/tech/rss 60 http://ask.metafilter.com/83537/Sambafilter Issue with Samba (on Ubuntu) file sharing and ownership of files. How do I set it so the ordinary user will not take ownership when saving over a file? (more details inside) <br /><br /> Environment: about 20 windows client computers connecting to an Ubuntu Samba server. The Ubuntu box is mainly administered through Webmin and users are added with the "users and groups" module in webmin and when users are created in there, they are also created in the Samba users module.<br> <br> Backups are made on one of the workstations with Acronis True Image Workstation to an external hard drive.<br> <br> Problem: As users open files and save them, they take ownership of them, thus locking out other users from changing and saving the documents because they do not own them.<br> <br> Where do I set security up to avoid this from happening? Is the file security stored on the individual files (thus having to run chmod or chown) or in Samba? <br> I guess I need to create groups and give the group ownership of the files so that everyone in the group (practically all clients) can access/change/delete files at will. There will also be 1 or 2 superusers running backups or doing administration activities. How do I give them access without allowing them to take ownership of the files and lock everyone else out? post:ask.metafilter.com,2008:site.83537 Wed, 13 Feb 2008 06:16:17 -0800 ijoyner samba windows networking filesharing linux http://ask.metafilter.com/83537/Sambafilter#1237036 Use this syntax for the share in smb.conf<br> The security is the most restrictive of the share, the folder, and the individual files.<br> <br> <code><br> [sharedfolder]<br> path = /home/sharedfolder<br> valid users = @"myspecialusers"<br> force user = adminuser1 <br> force group = "myspecialusers"<br> browseable = yes<br> writeable = yes<br> create mode = 0660<br> directory mode = 0770<br> </code><br> <br> This means all new files created will be owned by "adminuser1", with group "myspecialusers". All members of the group will have read and write access to files, and read,write,execute for sub-folders. The adminuser1 is arbitrary; it just needs to exist. Also, your members need to be in "myspecialusers".<br> <br> Also, you'll want to <br> <code><br> chown -R admin1:myspecialusers /home/sharedfolder<br> </code><br> You'll also want to chmod 660 the existing files, and chmod 770 the directories. For simplicity, you could get away with just:<br> <code><br> chmod -R 770 /home/sharedfolder<br> </code><br> <br> Or just create the share from scratch, and copy the old files in via the samba share.<br> <br> <br> If you need extra individual users to get read access, without giving them write access, use this format:<br> <code><br> [opensharedfolder]<br> path = /home/sharedfolder<br> valid users = backupuser1, backupuser2, @"myspecialusers"<br> force user = adminuser1 <br> force group = "myspecialusers"<br> browseable = yes<br> writeable = yes<br> create mode = 0664<br> directory mode = 0775<br> </code><br> <br> and chmod the old files 664 and 775 respectively. i.e. use<br> <code><br> chmod -R 775 /home/sharedfolder<br> </code><br> <br> This is less secure (anyone not a member of "myspecialusers" with a shell account will have read access), but I suspect that wouldn't be an issue. comment:ask.metafilter.com,2008:site.83537-1237036 Wed, 13 Feb 2008 09:10:13 -0800 ArkhanJG