Author Topic: Folder sharing & security  (Read 2390 times)

brononi

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Folder sharing & security
« on: March 16, 2008, 08:46:22 am »
Hey,

I'v noticed that when i create a group (with folder), that everybody can create, open & change the files. But you can't delete a file from somebody else?
Is there a way to give more 'advance' security to the groups?

Like i would like that everybody can do everything (also deleting) in a common folder...


Thanks,
Brononi

sixstone

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1417
  • Karma: +26/-0
    • View Profile
    • Sixstone's blog
Re: Folder sharing & security
« Reply #1 on: March 17, 2008, 09:47:11 am »
You may change the directory permission mask on /usr/share/ebox/stubs/samba/smb.conf.mas by setting the following property:
Code: [Select]
        force create mode = 0770
        force directory mode = 1770

I hope this helps.
My secret is my silence...

brononi

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: Folder sharing & security
« Reply #2 on: March 19, 2008, 08:13:10 pm »
For the moment, i've got following in that file.
So I think that these settings are alreayd in place?


Code: [Select]
%       foreach my $group (@dirgroup) {
[_<% $group->{'sharename'} %>]
        path = <% $group->{'path'} %>
        valid users = @"<% $group->{'groupname'} %>"
        force group = "<% $group->{'groupname'} %>"
        force create mode = 0770
        force directory mode = 1770
        printable = No
        read only = No
        browseable = Yes
%       }
% }

sixstone

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1417
  • Karma: +26/-0
    • View Profile
    • Sixstone's blog
Re: Folder sharing & security
« Reply #3 on: March 20, 2008, 05:55:12 pm »
Sorry, my explanation was horrible.

If you want to be able to remove files from somebody's else you may change the directory mode by removing the sticky bit as follows:

Code: [Select]
force directory mode = 0770

I apologise for the confusion I've created... :(
My secret is my silence...

brononi

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: Folder sharing & security
« Reply #4 on: March 20, 2008, 08:35:24 pm »
force directory mode = 0770

You've put me on the right track... ;)

I was already playing around with these settings.
And i've tried the force dir mode on 0770. But no luck...
After a restart of the samba (file sharing), and even after a complete reboot, the newly created folders stay the same.
With "ls -l", you can seen on the end of the settings a "t". Only with 0777 this isn't the case...

For the moment, i go the group folder and do a "chmod 0770 *" after creating the groups.
This works (for now)...

sixstone

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1417
  • Karma: +26/-0
    • View Profile
    • Sixstone's blog
Re: Folder sharing & security
« Reply #5 on: March 21, 2008, 10:39:23 am »
I think the dir permission are set during the creation by samba daemon... So it will only work with new ones. :-D
My secret is my silence...

brononi

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: Folder sharing & security
« Reply #6 on: March 21, 2008, 03:36:44 pm »
I've removed the groups, and recreated them. But it stays the same... :$