I try to setup a small samba server on Ubuntu 12.04 to share files.
It seems to work fine but there is one permission problem.
All Unix users primary group is group_common.
Some users are additionally in group group_confidential.
For all Unix users there is an equivalent samba user.
There is a group mapping setup for both groups using net groupmap.
All files and folders which created on the share should belong to the user and the main group group_common.
This all works fine.
Now there are some confidential files. These files should be only accessible for the users in group group_confidential.
So I try to remove the rights for the group group_common and add rights for the group group_confidential on a windows client. The removing of the rights for group_common is not working.
When I change the group on the Ubuntu machine it works fine.
So the question in short: It is possible to change the unix group of file in a samba share from a windows client or is there another way to restrict the rights for the unix owner group so it is not any more accessible from the windows client. Or is there another way to have confidential files?
Thanks in advance.
Best Answer
While not quite the same situation, and not changing from the Windows end, this is what we did. Again, it won't help for actually changing the permissions, but hopefully it helps anyways.
We had a confidential folder, where we only wanted some users to write to it, but others to read from it. We created two groups,
groupreadandgroupwrite. Wechown'd the folder to thegroupreadgroup, and assigned itchmod 2770, all the way down. Then we created the next folder under it that had the data that had to be restricted to writes only, andchown groupwritethe folder, permissionschmod 2775, so the people with just read access can also read it.In the
/etc/samba/smb.conffile, we added the share declarationinherit permissions = yes, and did not doforce groupor anything else, on that share. So users who need access to it to read are in the read group; everyone who needs to write to it are in both groups.