February 13, 2008 6:16 AM   Subscribe

Issue with Samba (on Ubuntu) file sharing and ownership of files. How do I set it so the ordinary user will not take ownership when saving over a file? (more details inside)

Environment: about 20 windows client computers connecting to an Ubuntu Samba server. The Ubuntu box is mainly administered through Webmin and users are added with the “users and groups” module in webmin and when users are created in there, they are also created in the Samba users module.

Backups are made on one of the workstations with Acronis True Image Workstation to an external hard drive.

Problem: As users open files and save them, they take ownership of them, thus locking out other users from changing and saving the documents because they do not own them.

Where do I set security up to avoid this from happening? Is the file security stored on the individual files (thus having to run chmod or chown) or in Samba?
I guess I need to create groups and give the group ownership of the files so that everyone in the group (practically all clients) can access/change/delete files at will. There will also be 1 or 2 superusers running backups or doing administration activities. How do I give them access without allowing them to take ownership of the files and lock everyone else out?
posted by ijoyner to Computers & Internet (1 answer total) 2 users marked this as a favorite
Best answer: Use this syntax for the share in smb.conf
The security is the most restrictive of the share, the folder, and the individual files.

path = /home/sharedfolder
valid users = @"myspecialusers"
force user = adminuser1
force group = "myspecialusers"
browseable = yes
writeable = yes
create mode = 0660
directory mode = 0770

This means all new files created will be owned by "adminuser1", with group "myspecialusers". All members of the group will have read and write access to files, and read,write,execute for sub-folders. The adminuser1 is arbitrary; it just needs to exist. Also, your members need to be in "myspecialusers".

Also, you'll want to

chown -R admin1:myspecialusers /home/sharedfolder

You'll also want to chmod 660 the existing files, and chmod 770 the directories. For simplicity, you could get away with just:

chmod -R 770 /home/sharedfolder

Or just create the share from scratch, and copy the old files in via the samba share.

If you need extra individual users to get read access, without giving them write access, use this format:

path = /home/sharedfolder
valid users = backupuser1, backupuser2, @"myspecialusers"
force user = adminuser1
force group = "myspecialusers"
browseable = yes
writeable = yes
create mode = 0664
directory mode = 0775

and chmod the old files 664 and 775 respectively. i.e. use

chmod -R 775 /home/sharedfolder

This is less secure (anyone not a member of "myspecialusers" with a shell account will have read access), but I suspect that wouldn't be an issue.
posted by ArkhanJG at 9:10 AM on February 13, 2008 [2 favorites]

« Older What's the thinnest, least "intrusive" condom on...   |   A good meal in Wolverhampton Newer »
This thread is closed to new comments.