This might help. I do something similar, but only one share is open to the group's users. Other shares are read-only except for a single maintainer user. The [global] section of my smb.conf is almost identical to yours, except I don't use the force create/directory mode directives (in my case, they'd interfere with the other shares).
Here's the share definition:
[shared stuff]
comment = blah, blah, etc
path = /path/to/share
write list = @sambagroup
force group = +sambagroup
read only = yes
directory mask = 0775
create mask = 0664
guest ok = yes
invalid users = root
case sensitive = True
default case = lower
preserve case = yes
short preserve case = yes
The important stuff here are these:
read only = yes
-- by default, read only.
guest ok = yes
-- guests can browse.
write list = @sambagroup
-- Authenticated members of sambagroup can write.
force group = +sambagroup
-- The + means that the force only applies to existing members of sambagroup. They're already the only ones who can write. I think, without the +, guest is given sambagroup credentials, which is not wanted (particularly with the write list directive above).
directory mask = 0775
create mask = 0664
These do exactly what you want yours to do: "drwxrwxr-x" on directories, "rwxrwxr-x" on files, and newly created files are owned by the user and sambagroup. The maintainers of the other shares get the same permissions as everyone else when working in shared stuff, and permissions & groups are normal when they work in the other shares.
My smb.conf has been working with only minor tweaks through several different versions of Samba, and currently is used with Samba 3.2.5. I never had it running on Ubuntu 8.04, but it ran on Ubuntu 7.04 for a long time before getting migrated to a recent Debian Lenny install.
After getting frustrated attempting to install Fail2Ban 0.9.3 from source, I searched for a custom PPA and found none. But then stumbled across the the official Ubuntu package page for Fail2Ban and it gave me an idea. The official Ubuntu 14.10 (Utopic Unicorn) package for Fail2Ban is at version 0.8.13. Why not install that?
So I got rid of the Ubuntu 12.04.5 install of Fail2Ban like this:
sudo aptitude purge fail2ban
Then I installed some Fail2Ban dependencies manually like this:
sudo aptitude install gamin libgamin0 python-central python-gamin python-support
With that done, I grabbed the raw, source Ubuntu .deb
archive for Fail2Ban 0.8.13 like this:
curl -O -L http://old-releases.ubuntu.com/ubuntu/pool/universe/f/fail2ban/fail2ban_0.8.13-1_all.deb
And then I installed it with dpkg
like this:
sudo dpkg -i fail2ban_0.8.13-1_all.deb
When that was done, I checked the version of the stuff installed like this:
fail2ban-client --version
And it worked!
Fail2Ban v0.8.13
Copyright (c) 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors
Copyright of modifications held by their respective authors.
Licensed under the GNU General Public License v2 (GPL).
Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
With Fail2Ban 0.8.13, I can now add a recidive
filter to /etc/fail2ban/jail.local
and everything works as expected.
NOTE: Please note, that while this all seems to work—and since this is a self-answered question—if anyone out there believes or suspects that this kind of setup of installing an Ubuntu 14.10 package into Ubuntu 12.04.5 is a problem waiting to happen, please let me know. Since Fail2Ban is all Python-based and it seems to work as expected now, I suspect this package was lightweight enough not to run into any problems. But let me know if my assumption is incorrect.
Best Answer
The logpath option takes a wildcard as the official wiki you reference says
so for example
Again from the document you say you read
These are normally put into a .conf file in the filter.d directory.