N
N
n11ghtmare2020-02-09 16:56:52
Samba
n11ghtmare, 2020-02-09 16:56:52

Samba Full folder access to a group or multiple groups?

Hello Samba on Debian.
The task is to make
1. Public folder - do what you want and who wants it.
2. Folder Buh - Accounting does what they want and who wants only from this group smbbuh
3. Folder Yurist - Lawyers do what they want and who wants only their groups smbyurist
4. Folder Dogovora - Accounting (smbbuh) full access, yurist - full access a group work - Read only

In the group smbbuh - ivanova, petrov.
Samba settings:
[public]
comment = Shared for all
path = /samba/public
read only = no
guest ok = yes

[buh]
path = /samba/buh
read only = no
guest ok = no

[yurist]
path = /samba/ lawyer
read only = no
guest ok = no

[Dogovora]
path = /samba/dogovora
read only = no
guest ok = no Folder permissions Public 777 or

drwxrwxrwx
root root inside files:
drwxr-xr-x 2 ivanova ivanova 4096 Feb 9 16: 52 Folder
-rwxr--r-- 1 ivanova ivanova 0 Feb 9 16:52 'New text document.txt'
buh
drwxrwx--- root smbbuh
yurist
drwxrwx--- root smbyurist

( try with chmod g+s too ) one fig the same result

when the user creates folders, the permissions are:

drwxr-sr-x 2 ivanova smbbuh 4096 Feb 9 15:48 ivanova -folder
-rwxr--r-- 1 ivanova smbbuh 0 Feb 9 15:48 ivanova.txt
drwxr-sr-x 2 petrov smbbuh 4096 Feb 9 15:57 petrov -folder
-rwxr--r-- 1 petrov smbbuh 0 Feb 9 15:57 petrov.txt

as a result the @smbbuh group will have access to the buh folder but if anyone - something from this group will create a NEWPAPKA folder or a NEWFILE file there, then other users of the group will not be able to delete the file and folder or write a new file to the NEWPAPKA folder. Since only the owner-creator will have rights. If with g+a then any user of the smbbuh group can delete files in buh but cannot change them. and can not change to rename the folder created not by him.

Example: ivanova and petrov are members of the smbuh group, ivanova creates the ivanova folder and the ivanova.txt file in it, then the user petrov will not be able to delete, modify, or add the file to the ivanova folder. along the path /buh/ivanova/... and cannot change the ivanova.txt file in the /buh folder, but can delete it.

How to make the @smbbuh group have full rights to the buh folder and to all folders and files that are created in them.

that is, the smbbuh group has full access to everything inside, not only to its own files and folders, but also to those created by other users of the group, that is, delete, edit, save, etc.

It seems the simplest task, but I've been trying to win for 2 days. On Windows, I added a group and added rights, ready.

2. And another question, is it possible to make the rights for several groups, for example, the yurist and buch groups have full rights to the contract folder, and the work group Read only?

Thanks for answers.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
I
InfSub, 2021-09-05
@InfSub

in smb.conf add in each section you created where there is no guest access:

force directory mode = 0777
force create mode = 0676

then users belonging to the same group will be able to edit each other's files and folders,
it should turn out something like this:
[yurist]
path = /samba/yurist
read only = no
guest ok = no
force directory mode = 0777
force create mode = 0676

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question