HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: setting group id from windows client
Operating System - HP-UX
1827800
Members
2907
Online
109969
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2003 03:19 PM
05-08-2003 03:19 PM
setting group id from windows client
I have a unix script that I run to create Project directory structures on a unix server (HP-UX 11i) and running Samba for Windows clients to map to the directories.
Part of the script runs like this:-
(I hope the formatting comes out OK)
mkdir $pname
cd /eng/mech/projects/$pname
chgrp engadmin /eng/mech/projects/$pname
###########################
# make the subdirectories #
###########################
mkdir group1 group2 group3 documents images customer_data
cd group1
mkdir drawings
# change the group to group1 for this dir and sub dirs
chgrp -R group1 /eng/mech/projects/$pname/group1
# Set group to group1 for all files created in this dir
chmod -R g+s /eng/mech/projects/$pname/group1
# same for other sections/groups
cd /eng/mech/projects
#############################
# set up shared directories #
#############################
chgrp -R shared /eng/mech/projects/$pname/documents
chgrp -R shared /eng/mech/projects/$pname/images
chgrp -R shared /eng/mech/projects/$pname/customer_data
chmod -R 775 /eng/mech/projects/$pname/documents
chmod -R 775 /eng/mech/projects/$pname/images
chmod -R 775 /eng/mech/projects/$pname/customer_data
# now add the set-group-ID flag to make sure all files
# created have the shared group
chmod -R g+s /eng/mech/projects/$pname/documents
chmod -R g+s /eng/mech/projects/$pname/images
chmod -R g+s /eng/mech/projects/$pname/customer_data
Now this works fine when I create these directory structures from Unix as a User with a /home and a password,
But, I want selected users (in engadmin group) to be able to create these structures from a Windows (2K) client. These users cannot log on to the Unix server, but are /homeless nopassword users on the Unix side.
I can create a Master Project Directory structure and have this copied and renamed, but, and here lies my problem, I cannot get the set-group-id part to work from windows.
Does anyone know how to this from a windows client? ie. Anything created in the directories (especially the shared directories) need to have the group changed to that of the directory.
Any ideas?
Thanks,
Dave
Part of the script runs like this:-
(I hope the formatting comes out OK)
mkdir $pname
cd /eng/mech/projects/$pname
chgrp engadmin /eng/mech/projects/$pname
###########################
# make the subdirectories #
###########################
mkdir group1 group2 group3 documents images customer_data
cd group1
mkdir drawings
# change the group to group1 for this dir and sub dirs
chgrp -R group1 /eng/mech/projects/$pname/group1
# Set group to group1 for all files created in this dir
chmod -R g+s /eng/mech/projects/$pname/group1
# same for other sections/groups
cd /eng/mech/projects
#############################
# set up shared directories #
#############################
chgrp -R shared /eng/mech/projects/$pname/documents
chgrp -R shared /eng/mech/projects/$pname/images
chgrp -R shared /eng/mech/projects/$pname/customer_data
chmod -R 775 /eng/mech/projects/$pname/documents
chmod -R 775 /eng/mech/projects/$pname/images
chmod -R 775 /eng/mech/projects/$pname/customer_data
# now add the set-group-ID flag to make sure all files
# created have the shared group
chmod -R g+s /eng/mech/projects/$pname/documents
chmod -R g+s /eng/mech/projects/$pname/images
chmod -R g+s /eng/mech/projects/$pname/customer_data
Now this works fine when I create these directory structures from Unix as a User with a /home and a password,
But, I want selected users (in engadmin group) to be able to create these structures from a Windows (2K) client. These users cannot log on to the Unix server, but are /homeless nopassword users on the Unix side.
I can create a Master Project Directory structure and have this copied and renamed, but, and here lies my problem, I cannot get the set-group-id part to work from windows.
Does anyone know how to this from a windows client? ie. Anything created in the directories (especially the shared directories) need to have the group changed to that of the directory.
Any ideas?
Thanks,
Dave
4 REPLIES 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2003 04:15 PM
05-08-2003 04:15 PM
Re: setting group id from windows client
A few approaches.
1.) You could have root crank a cron job, looking for new files/structure, run it every 15 minutes. It would be effective, but I know its not what you want.
2.) The better solution is to set up some level of integration between the Windows environment and the Unix environment. I would suggest samba changes and a minor change in your Windows infractructure to make it work.
Essentially, option two would enable samba to validate users based on information from a Windows PDC(Primary Domain Controller).
http://search.hp.com/redirect.html?url=http%3A//forums.itrc.hp.com/cm/QuestionAnswer/1,,0x601736e69499d611abdb0090277a778c,00.html&qt=CIFS+%2BWindows+%2BPDC+%2Bintegration&hit=1
Active directory(just in case)http://search.hp.com/redirect.html?url=http%3A//forums.itrc.hp.com/cm/QuestionAnswer/1,,0x8cf656bd90a9d611abdb0090277a778c,00.html&qt=CIFS+%2BWindows+%2BPDC+%2Bintegration&hit=2
LDAP(This might be useful in this integration.)
http://search.hp.com/redirect.html?url=http%3A//forums.itrc.hp.com/cm/QuestionAnswer/1,,0xd77a19434a69d711abdc0090277a778c,00.html&qt=CIFS+%2BWindows+%2BPDC+%2Bintegration&hit=3
Good Luck,
SEP
Here are some links that contain solutions to the issue:
1.) You could have root crank a cron job, looking for new files/structure, run it every 15 minutes. It would be effective, but I know its not what you want.
2.) The better solution is to set up some level of integration between the Windows environment and the Unix environment. I would suggest samba changes and a minor change in your Windows infractructure to make it work.
Essentially, option two would enable samba to validate users based on information from a Windows PDC(Primary Domain Controller).
http://search.hp.com/redirect.html?url=http%3A//forums.itrc.hp.com/cm/QuestionAnswer/1,,0x601736e69499d611abdb0090277a778c,00.html&qt=CIFS+%2BWindows+%2BPDC+%2Bintegration&hit=1
Active directory(just in case)http://search.hp.com/redirect.html?url=http%3A//forums.itrc.hp.com/cm/QuestionAnswer/1,,0x8cf656bd90a9d611abdb0090277a778c,00.html&qt=CIFS+%2BWindows+%2BPDC+%2Bintegration&hit=2
LDAP(This might be useful in this integration.)
http://search.hp.com/redirect.html?url=http%3A//forums.itrc.hp.com/cm/QuestionAnswer/1,,0xd77a19434a69d711abdc0090277a778c,00.html&qt=CIFS+%2BWindows+%2BPDC+%2Bintegration&hit=3
Good Luck,
SEP
Here are some links that contain solutions to the issue:
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2003 09:25 PM
05-08-2003 09:25 PM
Re: setting group id from windows client
Thanks Steven,
after reading all the info on the links I realise that the solution to my problem lies with a better understanding of the Windows system.
We haven't got Active Directory set up properly yet so I need to approach this differently.
I need to ignore the fact that all our files are on a Unix server and treat them like they are in a Windows storage somewhere. I nee to write a batch file that will create the directory structure, including all the permission settings and the inheritances needed to mirror what is happening on the Unix side now.
Another aspect of all this is we also need to change permissions as certain files progress through the various stages of development ie. from being worked on to being issued as an authorised version of a configuration item (drawing or CAD model).
I am looking at using CACLS.exe to change the permissions but I still don't know how to set the inheritance in a batch file.
The batch file/s would nee to be executed by selected users with group permissions (not me as root).
Any clues? (sorry if this getting to be more a windows issue than HP-UX)
Cheers,
Dave
after reading all the info on the links I realise that the solution to my problem lies with a better understanding of the Windows system.
We haven't got Active Directory set up properly yet so I need to approach this differently.
I need to ignore the fact that all our files are on a Unix server and treat them like they are in a Windows storage somewhere. I nee to write a batch file that will create the directory structure, including all the permission settings and the inheritances needed to mirror what is happening on the Unix side now.
Another aspect of all this is we also need to change permissions as certain files progress through the various stages of development ie. from being worked on to being issued as an authorised version of a configuration item (drawing or CAD model).
I am looking at using CACLS.exe to change the permissions but I still don't know how to set the inheritance in a batch file.
The batch file/s would nee to be executed by selected users with group permissions (not me as root).
Any clues? (sorry if this getting to be more a windows issue than HP-UX)
Cheers,
Dave
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-09-2003 12:40 AM
05-09-2003 12:40 AM
Re: setting group id from windows client
Add to your share definition in smb.conf for your group somthing like this:
[test]
comment = HP-UX home directory for group esgsx9
path = /h/e5/users/home/WindowsNT/test
browseable = yes
read only = no
writeable = yes
create mask = 0770
directory mode = 2770
valid users = @your_group
write list = @your_group
the @ means that only this group is permitted to access this share and write on it. Have an attention on the "directory mode" parameter in the share definition.
Restart your samba !!
Hope it helps
Do some test with different values.
Roland
[test]
comment = HP-UX home directory for group esgsx9
path = /h/e5/users/home/WindowsNT/test
browseable = yes
read only = no
writeable = yes
create mask = 0770
directory mode = 2770
valid users = @your_group
write list = @your_group
the @ means that only this group is permitted to access this share and write on it. Have an attention on the "directory mode" parameter in the share definition.
Restart your samba !!
Hope it helps
Do some test with different values.
Roland
Sometimes you lose and sometimes the others win
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-09-2003 07:06 AM
05-09-2003 07:06 AM
Re: setting group id from windows client
Hi Dave,
To add to Roland's reply; there is some useful information in the O'Reilly Using Samba book (available in paper format or supplied in html format with CIFS/9000.) The section on File permissions and attributes on MS-DOS and Unix in Chapter 5 discusses the various parameters for mapping MS permissions to UX permissions and masking.
There's also a parameter called security mask (this may be specific to newer versions as it isn't in the book, see man smb.conf instead) that is used to limit permission changes from the MS side.
regards,
Darren
To add to Roland's reply; there is some useful information in the O'Reilly Using Samba book (available in paper format or supplied in html format with CIFS/9000.) The section on File permissions and attributes on MS-DOS and Unix in Chapter 5 discusses the various parameters for mapping MS permissions to UX permissions and masking.
There's also a parameter called security mask (this may be specific to newer versions as it isn't in the book, see man smb.conf instead) that is used to limit permission changes from the MS side.
regards,
Darren
Calm down. It's only ones and zeros...
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP