Samba, Apache and SVN. Getting the permissions right

I have two machines I work on:

  1. Windows Client (Development Machine)
  2. Linux Web Server (Ubuntu)

On the Linux server I have installed Apache, Samba and SVN.

I've created a samba share that maps to the htdocs/ directory so that I can access the web files from Windows.

The following illustrates my workflow:

  1. From command line on Linux server I checkout working copies of web projects from remote server into my local Linux server's htdocs directory.
  2. On the Windows machine I access these files (using samba) and edit them in my editor and test them in the web browsers
  3. Back on the Linux machine I checkin my work to the remote server.

The problem I have is that currently for me to be able to edit the files on the Windows box via Samba I have to change the owner of the files to nobody (apache user) and set the Samba share to use SHARE permissions.

When I try to use SVN to commit and update etc. I can't because my Linux user is not 'nobody' and does not have permissions to do so. So I have to become root do an SVN [command] then change all the files back to 'nobody' so that I can't edit on Windows.

What I would like to be able to do is have the web files be owned by my local Linux user which would enable SVN commands to work and for Windows (over samba) to also use this same user.

How can I get this to work, is there a way to get Windows and Linux users to match?


Have the files and directories owned by a group, which Apache runs as. Make the directories SGID.

chgrp -R group1 /path/to/htdocs
find  /path/to/htdocs -type d -exec chmod 2775 {} \;

Specify this group under the SAMBA share, which can be done with force group=group1.

Make the user you authenticate to SAMBA with a member of this group. Specify this user within valid users and write list within your share in SAMBA. This should also allow you commit to SVN.

Also, specify create mask=0664 and directory mask=2775 within smb.conf, which will set the appropriate permissions upon creation. If the files are owned by the same user as Apache, you can set the final bit to 0 on both settings.

If everything is applied consistently, you should be able to perform all desired actions without negatively impacting any functionality.