Linux + Samba permission problems

[calpha]

OK, i've got a samba setup in Domain mode, with everything working perfectly. Since it's domain mode, there's no password issue since the Samba gets the auth from teh PDC (w2k).

I've got two sets of home directories set up. One is public (everyone can read write) and another is private. The private works perfectly. Any user can browse another user's private directories, but they cannot write to it. As it should be.

The public one is where I have the problem. Any user can read/write to the directories....but if user A tries to delete a file that user B created they can't.

Samba Group: smb
Samba Users: ajones:smb
cjones:smb
mjones:smb

public home directory permissions: /home/public/<user>

I ran a chown :smb /home/public -R
I ran a chmod 2777 /home/public -R (sticky bit should keep the gropu the same right??)

Now, when ajones creates a directory under /home/public/cjones
and I run a ls -la
The permissions are right (777), but the directory is owned by ajones:ajones, and not ajones:smb. Thus, if cjones tried to delete/rename that directory, they can't.

Each user is a member of the smb group, and the create mask for that directory is 2777. What in the world am I doing wrong?

 

[chsh1ca]

EDIT: Deleted after I realized what I wrote wasn't entirely applicable. Consider this a bump.

 

[cleverhandle]

I take it you're mounting the shares using smbmount or mount -t smbfs? Are you specifying a user and group in the mount options on the client? Those are the ownerships the client will see, which are not necessarily the same as what the server sees. For example, my public share's line in /etc/fstab is

//server/shared /mnt/shared smbfs rw,guest,uid=nobody,gid=users,fmask=660,dmask=770 0 0

 

[Nothinman]

The private works perfectly. Any user can browse another user's private directories, but they cannot write to it. As it should be.

Private doesn't really mean 'publically readble' to me, but that's not the problem here =)

Look into the 'force group' option, it probably will do what you want.

 

[calpha]

Originally posted by: Nothinman

The private works perfectly. Any user can browse another user's private directories, but they cannot write to it. As it should be.

Private doesn't really mean 'publically readble' to me, but that's not the problem here =)

Look into the 'force group' option, it probably will do what you want.

Yah, I gues that's a misnomer.

basically, they want to have write access only for the authorized user, but allow for view access for everyone.
The force group seems to work but I don't understand why I had to use it. The directory initially was set up to be 2777 & chown'd by :smb which I thought would perpetuate the permissions down any folder created underneath?

When I created the users, since it's on NT Authentication, I only did the following:
useradd -g smb myusername
smbpasswd -a myusername

and that's how I did it. IS that why maybe each user belonged to two groups, myusername, and smb?

Confusious. Wish I was a Unix admin from 1992 on, because I get confrused too damn easily.

 

[Nothinman]

Type 'groups username' and it'll show you all the groups they're a member of. It's been a while since I've had to muck with Samba and permissions so I can't be more specific.

There are a ton of samba settings for permissions, it's possible one of them was the problem.