Re: [netatalk-admins] Dumb newbie question about groups on linux


From: Jeff Wiegley (jeff@la.usweb.com)
Date: Mon Mar 30 1998 - 15:12:31 EST


Scott Sawyer wrote:
>
> How do you set up different sharing groups and make netatalk show them as
> options in the Chooser to connect to? I've gotten netatalk installed and
> working but only at the User level and am about to install a VAR server
> 3000 from VA Research and I have yet to figure out groups. Where am I
> sucking.

The way we do it here is:

make a new group in /etc/group, let's call it newgroup for now...

add the usernames of all the users that you want to allow access to
the share we will create in a second to this group. Such a line in the
/etc/group file looks like this for us...

newgroup::102:dopey,sneezy,grumpy,doc,bashful,happy,sleepy

then you create the actual directory where all their shared files will
exist...

mkdir /home/newgroupshare

then change the ownership and permissions for this directory...

chgrp newgroup /home/newgroupshare
chmod 6755 /home/newgroupshare

then add this directory to the /etc/AppleVolumes.default file...

restart the netatalk server and you should now be able to see this
share when you connect to the server. Your users should be able to
log on with their normal username and password.

For security reasons (don't want root owning a lot of stuff that
users have access to) I also do the following...

create a user named "newgroup" and prevent any logins for it with
a password set to "*". I add the user newgroup to the newgroup group
in /etc/group and I use:

chown newgroup.newgroup /home/newgroupshare

this way the entire share is owned by something other than root.

By setting the mode to 6755 the share has the suid and sgid bits set
and this means that when users create folders and files they will
be created as owned by them but with the group the same as the
parent directory. Thus everyone in the group can access the files.

The latest asun patches handle propagating the sgid bit correctly
now, so make sure you have the latest asun patches installed.

- Jeff
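
A check for the setup described in this message, added here as an example and not part of the original post: it confirms that a share directory belongs to the intended group, carries the setgid bit that makes new files inherit that group, and is not owned by root. The function names are hypothetical, and the group file and directory in the demo are constructed in a temporary location.

```shell
#!/bin/sh
# Added example: audit a share directory like /home/newgroupshare from the post.

# group_gid FILE GROUP: print the numeric gid of GROUP from a group(5) file.
group_gid() {
    awk -F: -v g="$2" '$1 == g { print $3; exit }' "$1"
}

# group_has_member FILE GROUP USER: succeed if USER is in GROUP's member list.
group_has_member() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# check_share FILE GROUP DIR: print findings; return the number of failures.
check_share() {
    fails=0
    want=$(group_gid "$1" "$2")
    [ -n "$want" ] || { echo "FAIL: no group $2 in $1"; return 1; }
    # ls -n prints numeric uid and gid in fields 3 and 4.
    ids=$(ls -ldn "$3" | awk '{ print $3 ":" $4 }')
    uid=${ids%%:*}
    gid=${ids##*:}
    [ "$gid" = "$want" ] || { echo "FAIL: $3 has gid $gid, want $want"; fails=$((fails + 1)); }
    # Without setgid, new files get the creator's primary group instead.
    [ -g "$3" ] || { echo "FAIL: $3 lacks the setgid bit"; fails=$((fails + 1)); }
    # Root ownership is reported but not counted as a failure.
    [ "$uid" != 0 ] || echo "WARN: $3 is owned by root"
    return "$fails"
}

# Demo on constructed data: a temp directory and a group file using this user's gid.
demo=$(mktemp -d)
printf 'newgroup::%s:dopey,sneezy,grumpy,doc\n' "$(id -g)" > "$demo/group"
mkdir "$demo/share"
chgrp "$(id -g)" "$demo/share"
chmod g-s "$demo/share"
check_share "$demo/group" newgroup "$demo/share" || echo "share needs fixing"
chmod 2755 "$demo/share"
check_share "$demo/group" newgroup "$demo/share" && echo "share OK"
rm -rf "$demo"
```

On a live server the call would be `check_share /etc/group newgroup /home/newgroupshare`.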


