The Culver Academies

If you look at a file in WinSCP, you can see the permissions. If you right click on the file, you can change the permissions in "properties." The rights are by "owner," "group," and "others."

The permissions are indicated in WinSCP with the letters r, w, and x. 

"If read (r) is set on a file, permission is given to view (not change) the contents of the file using an editor or a utility such as cat or more. If read is set on a directory, permission is given to list the contents (or files and subdirectories) within the directory using the ls command.

If write (w) is set on a file, permission is given to change the contents of the file using an editor or a redirector. If write is set on a directory, permission is given to change the contents of the directory; meaning you can create, move, or delete files within the directory.

If execute (x) is set on a file, it can be run as a program or a shell script. If execute is set on a directory, permission is given to cd into that directory."  (source)

The permissions are sometimes given as numbers. The r is 4, the w is 2, and the x is 1. A file with permissions 755, could also be described as having permissions rwxr-xr-x.  

Samba is used to make files available to  Windows clients. The home directories are given permissions 711. The execute bits for group and other allow the user ID that accesses the web server to display home pages to follow the path to the public_html directory. A user from the "other" category, can navigate to a directory internal to "home," but they can't actually see the files there unless they are an authenticated member of the "owners" group. Public_html is the directory for web pages, and the www user has to be able to navigate and read. This directory has permissions 755. The individual pages in "public_html" should be rw for the owner and r for the group and other. Individual pages are created with permissions 644 by default.

When the users are created, the default home directory from /etc/e-smith/skel/user is copied. The permissions are set at this point as well. If you needed to change the default homepage, you would change the contents of the index.htm in the /etc/e-smith/skel/user/home/public_html directory. Every new user created from that point will have the new homepage. 

The default permissions for files created via Samba are directory 755 and file 644. This can be changed in /etc/e-smith/templates-custom/etc/smb.conf/50homes. To activate the change /sbin/e-smith/expand-template /etc/smb.conf and then /etc/rc.d/init.d/smb restart (Beyond Here...) If the new directories created don't have 755 permissions, nonowners (like the www user) won't have access to the pages created inside. At the very least everyone has to have read access to the files created.

Within each user folder there is a folder "private" with permissions 700.  Sensitive documents placed inside a user-created folder can be viewed if a user knows the exact windows path. They can't be modified, and no one can browse to that user-created folder. Anything placed inside the "private" folder can be viewed only by the original owner or an administrator.

Probably you are better off leaving the permissions alone. It is possible to restrict access by IP, etc. but that is a little out of the scope of this howto. The current settings are part of a custom template, so they are a change from the default. Just for the sake of interest or information, the two custom samba templates are homes and primary.