Thomas Adam wrote:

--- Tony Whitmore wrote:

One approach is to have group ownership of a pupil's folder set to the Teacher's group and use the SetGID options on ext3 and create mask functions in Samba to ensure that files and directories are created with permissions to allow the teacher's group access. You could also allow write access in the same manner.

You have to be _extremely_ careful with g+s settings. Note that if we are talking $HOME; having that top-level directory sGID is not something you should do.

The clients in the OP's (and my) case are Windows machines using Samba, so $HOME is not as important an issue as it could be for a Linux system based around NFS. For example, our Debian-based storage server authenticates users against our NT domain controller for Samba services, but the users don't have shell access.

By setting GID on the user's directory, it ensures that files placed into a user's area by the user or by the Administrator are read/writable by the user. This makes restoring files or helping pupils with problems a reduced-hassle process by enabling pupils to work with files created for them by others. By making teachers members of the group that owns the pupil's directory they could traverse the directories as necessary. You can use share permissions to restrict access to "year shares" to members of staff.

As for David's concern about setting this up for 4300 users, we use some scripts to set up and configure these scripts. You can find them at http://www.tonywhitmore.co.uk/scripts.

There is one to "suck" all the usernames from the NT domain and create home directories based on a path of /home/$DOMAIN/$PRIMARY_GROUP/$USERNAME.

There is another script that sets all the permissions on the directories and files. (It also changes ownership as this is important for quotas to work.) It also creates the home directories for any new users. This is run overnight by cron and takes 10 minutes to process 1300 users and ~30GB data. You might find these a useful starting point for your own situation.

A third script is run as a root pre-exec every time a connection is initiated to the Samba server - it creates and configures the home folder if it does not already exist. Useful for late admissions or people who start without notice!

Cheers,
Tony
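An audit of the layout described in the message above, as an added example that is not part of the original post and not one of Tony's scripts. It assumes the /home/$DOMAIN/$PRIMARY_GROUP/$USERNAME path scheme from the post; the function names, finding labels, the choice of checks and the sample tree (domain SCHOOL, group year7, users alice and bob) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Tony's scripts. Audits a tree laid out as
# ROOT/DOMAIN/PRIMARY_GROUP/USERNAME (the path scheme from the post).
# The checks and the finding labels are assumptions made for illustration.

# audit_homes ROOT: print one finding per line as "<label> <path>".
audit_homes() {
    # User directories (depth 3) and their subdirectories need setgid,
    # otherwise new files do not inherit the directory's group.
    find "$1" -mindepth 3 -type d ! -perm -2000 -print | sed 's/^/no-setgid /'

    # Files the owning group cannot both read and write.
    find "$1" -mindepth 4 -type f ! -perm -060 -print | sed 's/^/no-group-rw /'

    # setuid/setgid on a regular file is not part of this scheme.
    find "$1" -mindepth 4 -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/special-bit-file /'

    # World-writable entries bypass the group model entirely.
    find "$1" -mindepth 1 ! -type l -perm -002 -print | sed 's/^/world-writable /'
}

# make_sample_tree ROOT: constructed test data (domain SCHOOL, group year7).
make_sample_tree() {
    mkdir -p "$1/SCHOOL/year7/alice/work" "$1/SCHOOL/year7/bob"
    chmod 0755 "$1/SCHOOL" "$1/SCHOOL/year7"
    # alice: set up as the post describes, so nothing should be reported.
    : > "$1/SCHOOL/year7/alice/work/essay.txt"
    chmod 0660 "$1/SCHOOL/year7/alice/work/essay.txt"
    chmod 2770 "$1/SCHOOL/year7/alice" "$1/SCHOOL/year7/alice/work"
    # bob: one example of each problem the audit looks for.
    for f in notes.txt shared.txt run.sh; do : > "$1/SCHOOL/year7/bob/$f"; done
    chmod 0600 "$1/SCHOOL/year7/bob/notes.txt"    # group has no access
    chmod 0666 "$1/SCHOOL/year7/bob/shared.txt"   # world-writable
    chmod 2770 "$1/SCHOOL/year7/bob/run.sh"       # setgid on a regular file
    chmod 0770 "$1/SCHOOL/year7/bob"; chmod g-s "$1/SCHOOL/year7/bob"
}

# Usage: sh audit.sh /home   (nothing runs when no argument is given)
if [ "$#" -gt 0 ]; then audit_homes "$1"; fi
```

The audit only reads metadata, so it can be run from the same overnight cron job before any permissions are changed.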