I'm working a bit on improving my home network where I've set up a share called LIBRARY
that contains things like music, pictures and similar. Within this share I'd like to create folders that are only available to certain users. I thought this would be easy to do by using file system permissions but samba will create files that belong to the user and their primary group unless i set a "force group" but this sticks throughout the entire share (including subfolders). If I create the directory "project" in LIBRARY (/1000/LIBRARY/project) and set the permissions up as follows:
drwxrwx---. 5 root proj 4096 Jul 7 22:34 project
with users eric and chris in the group proj they will be the only ones able to view the folder project but files they create within project will belong to the group smblib and this seems like a bit of a problem from a security pov, maybe this isn't an issue in the network I'm currently setting it up in I'm all for doing things properly.
Is it possible to set up samba to set different file permissions within different directories in the same share? I want my all users to create files that belong to the user and smblib in library except for in the project directory where they should belong to user and proj. I know I can get it to work by moving proj out of library but I don't fancy the idea of having too many shares or is that the only option?
The share in smb.conf:
comment = Library
path = /1000/LIBRARY
writable = yes
force group = smblib
create mask = 0660
directory mask = 0770
valid users = eric chris emily
all users are part of the smblib group