November 2012 Archives

Wonders of setgid

Samba Project is perhaps the best example of the value of reverse engineering. More specifically, I would assert that Samba is the critical glue application that provides tremendous value to Linux kernel and also helps to transform the operating system into a formidable player in the heterogeneous networks where M$ client desktops are perhaps ubiquitous. 

At the moment my holy trinity for large deployments would be apache, openvpn, and samba.
For the unfamiliar, Samba allows the linux kernel to speak and understand the CIFS or SMB protocol that is native to the M$ operating system. The fantastic reverse engineering work of Andrew Tridgell and the rest of the Samba Project team makes all of this transparent to the end-user.

From time to time, I run into access control problems on the file system level. When creating samba shares, I generally follow the create mask and directory mask convention of 0755.  This is supposed to ensure that owner rights are preserved when new files and directories are created.  However, there are instances when an owner creates a directory on samba share, with strict create and directory masks enforced, and this new share will assume owner and group permissions of its creator.  Inevitably, this condition will cause problems. This is particularly true when you have multiple users and samba shares. In these situations, users are creating files and directories on a daily basis.  The unexpected changing of directory permissions can be quite annoying.

After perusing the interwebs, I found that the following technique works to ensure that directory ownership permissions will not change, when files and directories are manipulated within a samba share.

I ran the below command against all of my samba shares. 

find /some/dir/path/ -type d -exec chmod g+s {} \;




Monthly Archives

Pages

OpenID accepted here Learn more about OpenID
Powered by Movable Type 4.25

About this Archive

This page is an archive of entries from November 2012 listed from newest to oldest.

October 2012 is the previous archive.

January 2013 is the next archive.

Find recent content on the main index or look in the archives to find all content.