Pretty sure smb gets "control" of a directory via the group. For my setup, each directory defined by a path in smb.conf has group smbusers, and has rwx permissions. This is applied just to that directory, it is not applied recursively. The files and folders in that directory have the actual remote user's ownership and permissions. What is applied recursively is the selinux label. I find it's better to have a dedicated filesystem volume so you can use the mount option context="system_u:object_r:samba_share_t:s0" and that will apply that context to the whole file system. If a file system volume is being shared, then you'll need to use chcon -R "system_u:object_r:samba_share_t:s0" <path> to apply that context to everything. New files and directories will inherit this context (so long as it's a copy and not a move; so if you move things behind the scenes outside of samba, you can run into label problems since inheritance doesn't apply to moving). Chris Murphy