Starrett2005
Samba shared file permissions do not transcend to sub folders/files
We use RHEL5.3 with the default Samba version 3.0.33. When a Windows user drops a file into a Samba share, no other users can access the file because it is owned by that user.
Is there a way to allow Linux to propagate permissions from the root object to all sub files and directories when a new file/directory is added?
I think you want to include g+s on the group option for chmod...that way the group owner of the parent directory will also be the group owner for anything added to that directory. If the group has permissions on the parent, they will be inherited.
chmod -R g+rwxs <top-level-folder>
I tend to add users into the same group for the same share. This makes managing the security easier for myself.
This is a snippet of my smb.conf
[Company Name]
path = /shares/CoName
writeable = yes
browseable = yes
valid users = user1, user2, user3, user4
create mask = 0770
directory mask = 0770
force create mode = 0770
force directory mode = 0770
force group = +jhp
Then do a restart of the samba service and all should be well
ASKER
Reset permissions first to:
chmod -R 0770 /u01/US/
chmod -R ug+rwx,o+rx-w /u01/US/
Results:
-rwxrwxr-x applssd programmers root:object_r:file_t LMISRDB1.fmb
-rwxr--r-- testuser domain users root:object_r:file_t Dropped_File.xls
-rwxrwxr-x applssd programmers root:object_r:file_t MRPATPRS.fmb
chmod -R g+rwxs /u01/US/
Results:
-rwxrws--- applssd programmers root:object_r:file_t LMISRDB1.fmb
-rwxr--r-- testuser programmers root:object_r:file_t Dropped_File.xls
-rwxrws--- applssd programmers root:object_r:file_t MRPATPRS.fmb
Neither of these solutions produces the results I need. The "Programmers" and "Domain Users" security groups are Windows Active Directory. The "applssd" is the local Linux Oracle account; if this account cannot access the file then Oracle cannot use the updated file.
I need to ensure that the user account "applssd" and the "Programmers" can access the files to read (applssd) or modify (Programmers).
I do not want to use the Public security attribute for security reasons.
Any more ideas?
Have you considered adding the users to the groups file that need shared permissions?
Did you set the 's' bit on the group using chown like I suggested? That way, if 'programmers' group-owns the parent folder, they will also group-own items added to the folder (rather than domain admins).
Is applssd a member of programmers?
ASKER
Blundey, not sure what you're saying.
JammyPack, yes, added the 's' bit; that came closest to what I need, but the owner is still the user that dropped the file there.
I cannot add the applssd user to "Programmers" because "Programmers" is a Windows Domain group and "applssd" is a Linux local user account.
If "applssd" user cannot access the updated file then the file cannot be used by Oracle until we manually reset permissions so "applssd" is the owner.
Again, I would prefer not to use the "Public" security attribute to get around this.
ASKER
This is what worked
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/
Where /home/shares/allusers/ is your shared directory
Also ensure in smb.conf:
[allusers]
path = /home/shares/allusers
valid users = @users
force group = users
create mask = 0660
directory mask = 0771
writable = yes
That should work
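Added example, not part of the thread or of Samba itself: a small Python calculator for the mode a share gives to newly created files and directories, following the AND/OR rule documented in smb.conf(5) (start mode AND mask, then OR the force mode). The `[nomasks]` share and its path are hypothetical, and the model ignores `inherit permissions`, ACLs and the setgid bit on the parent directory.

```python
import configparser

# Defaults from smb.conf(5), used when a share does not set the option.
DEFAULTS = {"create mask": 0o744, "force create mode": 0o000,
            "directory mask": 0o755, "force directory mode": 0o000}
# Starting mode before masking: files get rw for all plus owner execute
# (DOS archive bit, "map archive = yes" by default); directories get rwx for all.
BASE = {"file": 0o766, "dir": 0o777}

# Constructed sample: the two share sections quoted in this thread, plus a
# hypothetical [nomasks] share that sets no mask options at all.
SAMPLE = """
[Company Name]
    create mask = 0770
    directory mask = 0770
    force create mode = 0770
    force directory mode = 0770
    force group = +jhp
[allusers]
    force group = users
    create mask = 0660
    directory mask = 0771
[nomasks]
    path = /srv/example
"""

def share_modes(conf_text, share):
    """Return {'file': mode, 'dir': mode} for objects created via the share."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # Strip indentation so configparser does not treat keys as continuations.
    cp.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    sec = cp[share]
    val = {k: int(sec[k], 8) if k in sec else d for k, d in DEFAULTS.items()}
    return {
        "file": (BASE["file"] & val["create mask"]) | val["force create mode"],
        "dir": (BASE["dir"] & val["directory mask"]) | val["force directory mode"],
    }

def rwx(mode):
    """Render the nine permission bits the way ls -l does (no setgid/sticky)."""
    return "".join(c if mode & (0o400 >> i) else "-" for i, c in enumerate("rwxrwxrwx"))

if __name__ == "__main__":
    for name in ("Company Name", "allusers", "nomasks"):
        m = share_modes(SAMPLE, name)
        print(f"[{name}] files {rwx(m['file'])} ({m['file']:04o}), "
              f"dirs {rwx(m['dir'])} ({m['dir']:04o})")
```

The `[nomasks]` result, rwxr--r--, is the same mode shown for Dropped_File.xls in the asker's listing, which is consistent with a share that leaves `create mask` at its default: the group gets read only, whatever `chmod` was run on existing files beforehand.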