15

I'm sharing a directory, /home/pi/pydev on a debian box (raspberry pi, in fact) with Samba. I'm reading from and writing to that directory from a Windows 7 machine. When I create, under W7, a file in that directory, it gets 0764 rights, and it's owned by user rolf and group rolf - that's me on the W7 machine.

User pi on the debian box and user rolf (on W7) both need to be able to modify files in that directory, so I made them both member of group coders, hoping I could configure it so that members of coders have at least read & write access to files in that directory. .

But user pi can't modify any file that belongs to group rolf.

I could chmod rolf:coders <filename> file by file.
Adding user pi to group rolf is ugly, and doesn't work (didn't expect that. Does Samba maintain an entirely different user administration with groups, beside Debian's?).
I could also log on to the debian machine as rolf, and navigate to that folder.

But the most elegant way (to me) would be if a file created by rolf from the W7 machine would get userid rolf and groupid coders, by default.

Can I configure Samba to do that, or is there some other way to automate that task?

RolfBly
  • 827

3 Answers3

17

If I understand what you are asking correctly then what you want is inside the smb.conf located here:

   /etc/samba/smb.conf

Add these options to the [global] section:

   force user = rolf
   force group = coders
devnull
  • 5,431
  • 2
    In case like me someone is looking to add user, group, and actual permissions string add create mask = 0775 – danielson317 Jun 09 '17 at 02:11
  • 2
    you do know that the force directives make any user do operations as the specified user/group? say e.g. you have a share /joe and a share /anne, if you do force user = anne on share /anne, then user joe can access /anne, big no-no and a big security risk! this option is so misleading it should be documented better and not used lightly – Gizmo Jan 24 '18 at 13:52
10

you could try adding sticky bit for the group on that folder 

chmod 2770 foldername
find foldername -type d -exec chmod g+s {} \;
Abey
  • 796
  • Like it. The right answer should be this one. Making group permissions on directories and subdirectories sticky is a typical Linux filesystem problem and not a Samba problem. – therealmarv Sep 03 '16 at 14:13
  • 2
    What does it do? – SandRock Aug 06 '18 at 15:06
  • The description of the two kinds of "sticky bits" does not go along with what the answer suggests. Or is it that "execution" of a folder is like execution of a file and therefore the folder then "runs" with ownership under the group that was specified? That is the only way I could imagine how it works.

    https://unix.stackexchange.com/questions/79395/how-does-the-sticky-bit-work

     – bomben Jan 24 '21 at 04:58
  • @bomben that Q&A focuses on executables; see this discussion of permissions for details of setgid’s effect on directories. – Stephen Kitt Nov 07 '23 at 07:29
1

On a samba domain with samba-tool:

samba-tool group addmembers 'My Group Name' 'My Username'
samba-tool user setprimarygroup 'My Group Name' 'My Username'
KJ7LNW
  • 465