Samba share for work timesheets











up vote
2
down vote

favorite












So I am currently using Samba as a timesheet service for the employees to write their work hours.



I have a share called "timesheets" that is accessible to all users that are part of the "timesheet" group. In this share, there are folders with names of all the employees. Inside the folders are each employee's excel file.



What I am trying to accomplish is to have everyone access their own folder/timesheet, but not those of others. Except for administration, who should have access to everyones folder for payroll.



The permission for each folder is set to the user to whom it belongs, and the group of that folder is set to "timesheetmgmt". Administration (timesheetmgmt group) can now access all folders, and regular employees (timesheet group) cannot access folders other than their own.



Everything works except when users overwrite their timesheet file, it resets the permissions and changes the group to the owner (ex: employee1:timesheetmgmt becomes employee1:employee1 when they update their file). This is problematic as administration cannot access the files anymore.



I decided to use samba because workstations are both windows and mac at my workplace.



What am I doing wrong? Is samba the right tool for this purpose?



[timesheets]

  comment = Samba Share for Timesheets

  path = /data/timesheets

  browseable = yes

  guest ok = no

  read only = no

  writeable = yes

  valid users = @timesheets

  create mode = 770

  create mask = 770

  directory mode = 770

  locking = no

  strict locking = no

  vfs objects = fruit streams_xattr

  fruit:aapl = yes

  fruit:encoding = native

  fruit:locking = none

  fruit:metadata = stream

  fruit:resource = file





networking server permissions samba file-sharing







share|improve this question




























    up vote
    2
    down vote

    favorite












    So I am currently using Samba as a timesheet service for the employees to write their work hours.



    I have a share called "timesheets" that is accessible to all users that are part of the "timesheet" group. In this share, there are folders with names of all the employees. Inside the folders are each employee's excel file.



    What I am trying to accomplish is to have everyone access their own folder/timesheet, but not those of others. Except for administration, who should have access to everyones folder for payroll.



    The permission for each folder is set to the user to whom it belongs, and the group of that folder is set to "timesheetmgmt". Administration (timesheetmgmt group) can now access all folders, and regular employees (timesheet group) cannot access folders other than their own.



    Everything works except when users overwrite their timesheet file, it resets the permissions and changes the group to the owner (ex: employee1:timesheetmgmt becomes employee1:employee1 when they update their file). This is problematic as administration cannot access the files anymore.



    I decided to use samba because workstations are both windows and mac at my workplace.



    What am I doing wrong? Is samba the right tool for this purpose?



    [timesheets]
    
  comment = Samba Share for Timesheets
    
  path = /data/timesheets
    
  browseable = yes
    
  guest ok = no
    
  read only = no
    
  writeable = yes
    
  valid users = @timesheets
    
  create mode = 770
    
  create mask = 770
    
  directory mode = 770
    
  locking = no
    
  strict locking = no
    
  vfs objects = fruit streams_xattr
    
  fruit:aapl = yes
    
  fruit:encoding = native
    
  fruit:locking = none
    
  fruit:metadata = stream
    
  fruit:resource = file





    networking server permissions samba file-sharing







    share|improve this question


























      up vote
      2
      down vote

      favorite









      up vote
      2
      down vote

      favorite











      So I am currently using Samba as a timesheet service for the employees to write their work hours.



      I have a share called "timesheets" that is accessible to all users that are part of the "timesheet" group. In this share, there are folders with names of all the employees. Inside the folders are each employee's excel file.



      What I am trying to accomplish is to have everyone access their own folder/timesheet, but not those of others. Except for administration, who should have access to everyones folder for payroll.



      The permission for each folder is set to the user to whom it belongs, and the group of that folder is set to "timesheetmgmt". Administration (timesheetmgmt group) can now access all folders, and regular employees (timesheet group) cannot access folders other than their own.



      Everything works except when users overwrite their timesheet file, it resets the permissions and changes the group to the owner (ex: employee1:timesheetmgmt becomes employee1:employee1 when they update their file). This is problematic as administration cannot access the files anymore.



      I decided to use samba because workstations are both windows and mac at my workplace.



      What am I doing wrong? Is samba the right tool for this purpose?



      [timesheets]
      
  comment = Samba Share for Timesheets
      
  path = /data/timesheets
      
  browseable = yes
      
  guest ok = no
      
  read only = no
      
  writeable = yes
      
  valid users = @timesheets
      
  create mode = 770
      
  create mask = 770
      
  directory mode = 770
      
  locking = no
      
  strict locking = no
      
  vfs objects = fruit streams_xattr
      
  fruit:aapl = yes
      
  fruit:encoding = native
      
  fruit:locking = none
      
  fruit:metadata = stream
      
  fruit:resource = file





      networking server permissions samba file-sharing







      share|improve this question















      So I am currently using Samba as a timesheet service for the employees to write their work hours.



      I have a share called "timesheets" that is accessible to all users that are part of the "timesheet" group. In this share, there are folders with names of all the employees. Inside the folders are each employee's excel file.



      What I am trying to accomplish is to have everyone access their own folder/timesheet, but not those of others. Except for administration, who should have access to everyones folder for payroll.



      The permission for each folder is set to the user to whom it belongs, and the group of that folder is set to "timesheetmgmt". Administration (timesheetmgmt group) can now access all folders, and regular employees (timesheet group) cannot access folders other than their own.



      Everything works except when users overwrite their timesheet file, it resets the permissions and changes the group to the owner (ex: employee1:timesheetmgmt becomes employee1:employee1 when they update their file). This is problematic as administration cannot access the files anymore.



      I decided to use samba because workstations are both windows and mac at my workplace.



      What am I doing wrong? Is samba the right tool for this purpose?



      [timesheets]
      
  comment = Samba Share for Timesheets
      
  path = /data/timesheets
      
  browseable = yes
      
  guest ok = no
      
  read only = no
      
  writeable = yes
      
  valid users = @timesheets
      
  create mode = 770
      
  create mask = 770
      
  directory mode = 770
      
  locking = no
      
  strict locking = no
      
  vfs objects = fruit streams_xattr
      
  fruit:aapl = yes
      
  fruit:encoding = native
      
  fruit:locking = none
      
  fruit:metadata = stream
      
  fruit:resource = file





      networking server permissions samba file-sharing




      networking server permissions samba file-sharing






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 12 at 17:29









      Arronical

      12.9k84689




      12.9k84689










      asked Nov 12 at 17:24









      Roberto Viglione

      112




      112






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          To force the created files to belong to a specific group use the paramteter force group.



          In your case:



          [timesheets]
          
  comment = Samba Share for Timesheets
          
  ...
          
  force group = timesheetmgmt
          
  ...


          In addition, to enforce security, you can add a force create mode or force directory mode to set minimal levels.






          share|improve this answer























          • I agree with your answer but I think you have the wrong group. You want the forced group to be timesheetmgmt ( force group = timesheetmgmt ). That's the admin group. timesheets is the user group and would result in everyone having access to everyone's time sheets.
            – Morbius1
            Nov 13 at 19:25












          • You are right. I had not seen the mention of the management group. I edited my answer accordingly.
            – Marc Vanhoomissen
            Nov 14 at 8:54










          • when I force group, all users regain access to everyone else's folder. Is this because of the valid users = timesheets ?
            – Roberto Viglione
            Nov 14 at 17:03










          • Which group did you use for the 'force group'?
            – Marc Vanhoomissen
            Nov 19 at 14:27










          • I used timesheetmgmt, I think this gives the management permissions to all users in the share, which defeats the purpose of what I am trying to do
            – Roberto Viglione
            Nov 19 at 15:33













          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1092279%2fsamba-share-for-work-timesheets%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          To force the created files to belong to a specific group use the paramteter force group.



          In your case:



          [timesheets]
          
  comment = Samba Share for Timesheets
          
  ...
          
  force group = timesheetmgmt
          
  ...


          In addition, to enforce security, you can add a force create mode or force directory mode to set minimal levels.






          share|improve this answer























          • I agree with your answer but I think you have the wrong group. You want the forced group to be timesheetmgmt ( force group = timesheetmgmt ). That's the admin group. timesheets is the user group and would result in everyone having access to everyone's time sheets.
            – Morbius1
            Nov 13 at 19:25












          • You are right. I had not seen the mention of the management group. I edited my answer accordingly.
            – Marc Vanhoomissen
            Nov 14 at 8:54










          • when I force group, all users regain access to everyone else's folder. Is this because of the valid users = timesheets ?
            – Roberto Viglione
            Nov 14 at 17:03










          • Which group did you use for the 'force group'?
            – Marc Vanhoomissen
            Nov 19 at 14:27










          • I used timesheetmgmt, I think this gives the management permissions to all users in the share, which defeats the purpose of what I am trying to do
            – Roberto Viglione
            Nov 19 at 15:33

















          up vote
          0
          down vote













          To force the created files to belong to a specific group use the paramteter force group.



          In your case:



          [timesheets]
          
  comment = Samba Share for Timesheets
          
  ...
          
  force group = timesheetmgmt
          
  ...


          In addition, to enforce security, you can add a force create mode or force directory mode to set minimal levels.






          share|improve this answer























          • I agree with your answer but I think you have the wrong group. You want the forced group to be timesheetmgmt ( force group = timesheetmgmt ). That's the admin group. timesheets is the user group and would result in everyone having access to everyone's time sheets.
            – Morbius1
            Nov 13 at 19:25












          • You are right. I had not seen the mention of the management group. I edited my answer accordingly.
            – Marc Vanhoomissen
            Nov 14 at 8:54










          • when I force group, all users regain access to everyone else's folder. Is this because of the valid users = timesheets ?
            – Roberto Viglione
            Nov 14 at 17:03










          • Which group did you use for the 'force group'?
            – Marc Vanhoomissen
            Nov 19 at 14:27










          • I used timesheetmgmt, I think this gives the management permissions to all users in the share, which defeats the purpose of what I am trying to do
            – Roberto Viglione
            Nov 19 at 15:33















          up vote
          0
          down vote










          up vote
          0
          down vote









          To force the created files to belong to a specific group use the paramteter force group.



          In your case:



          [timesheets]
          
  comment = Samba Share for Timesheets
          
  ...
          
  force group = timesheetmgmt
          
  ...


          In addition, to enforce security, you can add a force create mode or force directory mode to set minimal levels.






          share|improve this answer














          To force the created files to belong to a specific group use the paramteter force group.



          In your case:



          [timesheets]
          
  comment = Samba Share for Timesheets
          
  ...
          
  force group = timesheetmgmt
          
  ...


          In addition, to enforce security, you can add a force create mode or force directory mode to set minimal levels.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Nov 22 at 15:36

























          answered Nov 13 at 15:05









          Marc Vanhoomissen

          88011119




          88011119












          • I agree with your answer but I think you have the wrong group. You want the forced group to be timesheetmgmt ( force group = timesheetmgmt ). That's the admin group. timesheets is the user group and would result in everyone having access to everyone's time sheets.
            – Morbius1
            Nov 13 at 19:25












          • You are right. I had not seen the mention of the management group. I edited my answer accordingly.
            – Marc Vanhoomissen
            Nov 14 at 8:54










          • when I force group, all users regain access to everyone else's folder. Is this because of the valid users = timesheets ?
            – Roberto Viglione
            Nov 14 at 17:03










          • Which group did you use for the 'force group'?
            – Marc Vanhoomissen
            Nov 19 at 14:27










          • I used timesheetmgmt, I think this gives the management permissions to all users in the share, which defeats the purpose of what I am trying to do
            – Roberto Viglione
            Nov 19 at 15:33




















          • I agree with your answer but I think you have the wrong group. You want the forced group to be timesheetmgmt ( force group = timesheetmgmt ). That's the admin group. timesheets is the user group and would result in everyone having access to everyone's time sheets.
            – Morbius1
            Nov 13 at 19:25












          • You are right. I had not seen the mention of the management group. I edited my answer accordingly.
            – Marc Vanhoomissen
            Nov 14 at 8:54










          • when I force group, all users regain access to everyone else's folder. Is this because of the valid users = timesheets ?
            – Roberto Viglione
            Nov 14 at 17:03










          • Which group did you use for the 'force group'?
            – Marc Vanhoomissen
            Nov 19 at 14:27










          • I used timesheetmgmt, I think this gives the management permissions to all users in the share, which defeats the purpose of what I am trying to do
            – Roberto Viglione
            Nov 19 at 15:33


















          I agree with your answer but I think you have the wrong group. You want the forced group to be timesheetmgmt ( force group = timesheetmgmt ). That's the admin group. timesheets is the user group and would result in everyone having access to everyone's time sheets.
          – Morbius1
          Nov 13 at 19:25






          I agree with your answer but I think you have the wrong group. You want the forced group to be timesheetmgmt ( force group = timesheetmgmt ). That's the admin group. timesheets is the user group and would result in everyone having access to everyone's time sheets.
          – Morbius1
          Nov 13 at 19:25














          You are right. I had not seen the mention of the management group. I edited my answer accordingly.
          – Marc Vanhoomissen
          Nov 14 at 8:54




          You are right. I had not seen the mention of the management group. I edited my answer accordingly.
          – Marc Vanhoomissen
          Nov 14 at 8:54












          when I force group, all users regain access to everyone else's folder. Is this because of the valid users = timesheets ?
          – Roberto Viglione
          Nov 14 at 17:03




          when I force group, all users regain access to everyone else's folder. Is this because of the valid users = timesheets ?
          – Roberto Viglione
          Nov 14 at 17:03












          Which group did you use for the 'force group'?
          – Marc Vanhoomissen
          Nov 19 at 14:27




          Which group did you use for the 'force group'?
          – Marc Vanhoomissen
          Nov 19 at 14:27












          I used timesheetmgmt, I think this gives the management permissions to all users in the share, which defeats the purpose of what I am trying to do
          – Roberto Viglione
          Nov 19 at 15:33






          I used timesheetmgmt, I think this gives the management permissions to all users in the share, which defeats the purpose of what I am trying to do
          – Roberto Viglione
          Nov 19 at 15:33




















           

          draft saved


          draft discarded



















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1092279%2fsamba-share-for-work-timesheets%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Mouse cursor on multiple screens with different PPI

          Image
          24 6 I'm using a 4K display along with a Full HD display with both almost the same physical size and it brings some mouse cursor problems to me working with it on the default Windows settings. As the mouse movement speed depends on the pixels, it's very slow on the 4K display and very fast on the Full HD display. Is there a windows setting or application to move the mouse depending on the visible distance and not the pixels? Another problem is the virtual wall between the screens I can't move the cursor from the upper half of the 4K screen to the Full HD screen: How is it possible to virtually stretch the cursor transition area of the Full HD screen to the one of the 4K monitor? The smallest problem, nevertheless painful, is the cursor size which varies between the screens. Is there a way ...
          Read more

          Agildo Ribeiro

          Image
          Agildo Ribeiro Agildo em 2015 Nome completo Agildo da Gama Barata Ribeiro Filho Nascimento 26 de abril de 1932 Rio de Janeiro, DF Morte 28 de abril de 2018 (86 anos) Rio de Janeiro, RJ Ocupação Ator e humorista ...
          Read more

          Sometime when accessing a menu: “Ubuntu 16.04 has experienced an internal error”

          Image
          0 Sometime, when I try to access some menu (may be inside an application or desktop, doesn't matter), I got the following error. The menu and submenu disappear for a while. After that, I can continue using the system. And the lspci gave me the following output: $ lspci -k | grep -EA3 'VGA|3D|Display' 00:02.0 VGA compatible controller: Intel Corporation Haswell-ULT Integrated Graphics Controller (rev 0b) DeviceName: Onboard IGD Subsystem: Dell Haswell-ULT Integrated Graphics Controller Kernel driver in use: i915 unity compiz error-handling share | improve this question edited Mar 5 at 16:09 ...
          Read more