[nzlug] Maintaining owners /groups over network shares

Daniel Pittman daniel at rimspace.net
Mon May 5 15:25:22 NZST 2008


Paul Lowman <paul_lowman at xtra.co.nz> writes:

> OK all you server gurus how do you deal with the following situation
> ...
>
> I have some directories / files owned by user A and belonging to group
> B.  These directories / files are shared by samba.
>
> When the share is mounted on a client machine the owner / group change
> to different names. This is because the UID and GID are assigned to
> different owner / group names. ie: the UID / GID are maintained across
> the share but map to different users / groups. The result being that
> the shared files no longer have the necessary permissions on the
> client machine.
>
> My question is what is the recommended way of dealing with this
> scenario such that the client machine has the same permissions as the
> server.

Two options: turn off the 'Unix Extensions' in the Samba server, or
ensure that your UID/GID mappings are stable across the network using
LDAP, NIS or some other directory service / distribution technology.

> I thought that if SUID or SGID were set on the files then all would be
> well but it does not seem to do the trick.

I don't think those permissions mean what you think they mean:

Unix doesn't actually use a *name* for anything related to permissions,
only a number.  The SUID and SGID bits mean "when you run this
application do so with the [UG]ID *number* of the file owner, not the
invoking user."

All the name stuff is a layer added on top of the basic numeric
identifiers for human convenience. 


So, no, SUID/SGID would absolutely not have helped you with the problem
you are trying to solve (mismatch of number to name mappings), and will
have actively made things worse if people used those applications.

Regards,
        Daniel
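
Added example, not part of the original post: a Python check for the number-to-name mismatch described above. It compares passwd(5)- or group(5)-format text from two hosts and lists every numeric ID that resolves to a different name on the client. The two passwd snippets are constructed sample data and the function names are illustrative.

```python
"""Find UIDs/GIDs that resolve to different names on a server and a client."""

# Constructed sample data: the same numeric UIDs exist on both hosts,
# but the client's passwd file assigns them to different names.
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
# local comment line
"""
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
carol:x:1000:1000:Carol:/home/carol:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
"""

def parse_ids(text, id_field=2):
    """Return {numeric_id: name}. Field 2 is the UID in passwd and the GID in group."""
    ids = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        fields = line.split(":")
        if len(fields) <= id_field or not fields[id_field].isdigit():
            continue  # skip malformed or non-numeric entries
        # Keep the first name seen for an ID, as a top-down file lookup would.
        ids.setdefault(int(fields[id_field]), fields[0])
    return ids

def mapping_mismatches(server_text, client_text, id_field=2):
    """Return (id, server_name, client_name_for_id, client_id_for_server_name) tuples."""
    server = parse_ids(server_text, id_field)
    client = parse_ids(client_text, id_field)
    client_id_of = {name: num for num, name in client.items()}
    report = []
    for num, server_name in sorted(server.items()):
        client_name = client.get(num)  # None: the ID has no name on the client
        if client_name != server_name:
            report.append((num, server_name, client_name, client_id_of.get(server_name)))
    return report

if __name__ == "__main__":
    for num, s_name, c_name, c_id in mapping_mismatches(SERVER_PASSWD, CLIENT_PASSWD):
        print(f"id {num}: server={s_name} client={c_name or '(none)'}; "
              f"'{s_name}' on client has id {c_id if c_id is not None else '(absent)'}")
```

An empty result means the two files agree on every ID the server uses; any row is a file whose owner or group will display, and be enforced, as a different account on the client.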


