On Dec 28, 2012, at 5:13 AM, Ibrahim Yurtseven wrote:

> Daniel J Walsh wrote:
>> Not a great idea since every user will be allowed to read/write/execute in
>> this directory.
> I ran chown with root:users for data public in recursive mode and added
> nobody to the group users, but files created via samba will be owned by
> nobody:nobody instead of nobody:users, so it is not allowed for my
> local user to write and read the files added via samba. So I decided to
> give rwx access to all. What is the trick in the smb.conf so that the files
> will be owned by the group "users"? I'm working with the parameter "create
> mask = 777". I would rather work with 770 and the files should be owned
> by the user "nobody" and the group "users".

----
I guess I'm not sure what the point is of having files owned by 'nobody' and then adding nobody 'user' to the 'users' group - that seems to be some rather twisted logic that has security implications far beyond the simple samba share configuration but hey… it's your box.

    chgrp users /data/public -R
    chmod g+s /data/public -R

will ensure that all files/folders in /data/public are owned by the group 'users' and any new files/folders created within (whether by samba or not) belong to that group.

If you add 'inherit permissions = yes' to the 'share' definition in smb.conf, that also will impact.

Yes, you could also add:

    # or 775
    force security mode = 770
    # or 775
    force directory security mode = 770

within the share definition too.

----
>> I would just check if it works in permissive mode then we can blame this on
>> SELinux, if not, then it is not SELinux problem.
> Works on permissive mode with activated firewall, but I changed
> "security=share" to "security=user" in the smb.conf as well. So the
> access to the samba-share works now on enforcing mode, too.

----
In my opinion, security=user is always the better solution.

Craig
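An added example, not part of the thread: a shell sketch that audits a shared tree for the three conditions discussed above (directories without setgid, entries outside the shared group, and world-writable entries such as mode 777 produces) and applies the group setup. The function names `audit_share` and `apply_group_share` are hypothetical, and the setup sets setgid on directories only, whereas `chmod g+s -R` also sets it on regular files.

```shell
#!/bin/sh
# Added example. Usage after sourcing this file, with the thread's values:
#   audit_share /data/public users
#   apply_group_share /data/public users

# Print one line per finding; return 1 if there is any finding, 0 if clean.
audit_share() {
    share_dir=$1
    share_group=$2
    findings=$(
        # Directories without setgid: files created there get the creator's
        # primary group (nobody:nobody in the thread) instead of the dir's group.
        find "$share_dir" -type d ! -perm -2000 -print | sed 's/^/NO_SETGID /'
        # Entries that do not belong to the shared group.
        find "$share_dir" ! -type l ! -group "$share_group" -print |
            sed 's/^/WRONG_GROUP /'
        # Entries writable by every local user.
        find "$share_dir" ! -type l -perm -0002 -print |
            sed 's/^/WORLD_WRITABLE /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Give the whole tree to the shared group and make directories pass that
# group on to anything created inside them.
apply_group_share() {
    share_dir=$1
    share_group=$2
    chgrp -R "$share_group" "$share_dir" &&
        find "$share_dir" -type d -exec chmod g+s {} +
}
```

Running `audit_share` again after a few files have been written through Samba shows whether the share definition still produces files outside the group or with world-write permission.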