Skip to content

Shared samba directories

October 21, 2006

The samba set up on the new server for users has been flawless, but the shared directories slightly less so. I had a problem where if one of the family created a directory then the rest of the family could not add to that directory. Looking on the Solaris side it was clear the problem, the directory was created mode 755. Typing this I realize just how bad that is. 755 could not possibly mean anything to anyone who was not up to their armpits into UNIX computing and the explication would fill pages and indeed it does.

The permissions I want to force for directories are “read, write and execute for group” as well as the owner. Ie mode 775. It would also be nice if I could stop one user deleting the other users work so setting the sticky bit would also be good giving mode 1755.

Trundling through the smb.conf manual page tells me that there is an option, “force directory mode” that does exactly what it implies and what I want. I’m sure I could achieve the same with an ACL and will do that later so that SMB and NFS give the same results. However for now smb.conf serves this purpose.

So the new entry in the smb.conf for the shared area where we keep pictures looks like this:

 [pics]    comment = Pictures    path = /tank/shared/pics    public = yes    writable = yes    printable = no    write list = @staff    force directory mode = 1775    force create mode = 0444    root preexec = ksh -c ‘/usr/sbin/zfs snapshot tank/shared/pics@smb$(/tank/local/smbdate)’ 

Now everyone can add to the file system but can’t delete others photos, plus I get a snapshot every time someone starts to access the file system.

Tags: topic:[Solaris] topic:[home server] topic:[samba]


From → Solaris

One Comment
  1. Alex permalink

    Very cool, I’d always considered setting something up and trying to force 1775 permissions 🙂 Useful for letting a bunch of people upload new stuff to you! The snapshots are the icing on the cake!
    Thanks – works great.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: