Craig White wrote:
> On Wed, 2006-03-29 at 12:13 -0700, Eric "Shubes" wrote:
>> Nathan England wrote:
>>> I have a folder called /files
>>> everyone has access to this folder, but there are a few folders inside that
>>> only a few people are allowed to access. What is the best way to allow
>>> everyone access to the /files directory but only allow those required to have
>>> access to the specific folders inside?
>>>
>>> Do I create a seperate share for each specific folder?
>>> I want to avoid mapping more drives to the users. Can I change the access
>>> permissions on the windows machines? I don't want to make it too confusing.
>>> What is the best way?
>>>
>> I'm not sure of the best way.
>> I think I would create a new group for the 'few people', and make them
>> members of the group. Then change the groupid of the restricted folders
>> to the new group, and turn off 'other' permissisions on said folders.
>> Then you can give the share for /files to everyone.
>> I'm pretty sure that'll work for you, but I'd test it to be sure.
> ----
> this makes sense in that samba understands and respects sgid bits set on
> directories but it does sort of depend upon what the share definitions
> are to begin with as things like force user/group/directory/create all
> have impact.
Various settings can have an impact, but it should work nicely using a
vanilla (default settings) share. Again, KISS.
> Also I think what Mike Schwartz is alluding to, is that samba is also
> capable of using EACL's if the underlying file system supports them and
> you might be able to use Windows permission tools to set them with the
> proper setup of samba as well (nt acl support)
>
> the official Samba 3 HowTo might be useful here...
>
> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id2578475
Great document and reference.
>
> Craig
>
--
-Eric 'shubes'
****************************************************
This message has been scanned using Contraxx
Technology Group mail server v8.0.3 and is virus free.
Message sent from Mail Server 3
****************************************************
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss