On Saturday 15 Oct 2011 09:53:05 lynn wrote:
On Friday 14 Oct 2011 19:18:26 John Andersen wrote:
On 10/13/2011 11:42 PM, Roger Oberholtzer wrote:
On Thu, 2011-10-13 at 18:07 -0700, John Andersen wrote:
The key was to disallow the local machine from setting uid/gid on the server, and allow samba to do this via the rules in the smb.conf.
We always set the smb.conf to force some things: [datashares]
comment = Company Files path = /raid/....... force group = +datashare read only = No create mask = 0660 force create mode = 0660 security mask = 0770 directory mask = 0770 force directory mode = 0770 directory security mask = 0770
It seems that you have sort of focused on group permissions rather than user permissions. I suspect that this is the only approach for CIFS. Then, all users that should share a volume are a member of that volume's group. You could, I guess, have a group for each share.
Exactly right Roger.
We had to do that because we had a mix of Windows and Linux machines on the network, and folks had to share documents in a common directory. We wanted to maintain owner (creater) info, but still allow full group access (read/write, etc).
For the user's server based Home directory we used different permissions of course.
The fact still remains that CIFS does not know what the the user:group permissions are of the user who has just authenticated. What is clear is that new files will be created with either:
1. The uid of the user who mounts the share. Or, 2. The uid and gid specified on the mount line.
What I need is this:
mount -t cifs //hh1.com/users /home -o rw,user,uid=$USER,gid=users
but of course $USER is only available after the user has authenticated. Is there a script that runs immediately after the user has authenticated where I could place this line?
Thanks.
Duh. Sorry. I would also need an environment variable for password=. Can's see how to set that although google tells me that it is available somewhere. x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org