samba problem
Craig White
craigwhite at azapple.com
Wed Mar 29 13:32:59 MST 2006
On Wed, 2006-03-29 at 12:13 -0700, Eric "Shubes" wrote:
> Nathan England wrote:
> > I have a folder called /files
> > everyone has access to this folder, but there are a few folders inside that
> > only a few people are allowed to access. What is the best way to allow
> > everyone access to the /files directory but only allow those required to have
> > access to the specific folders inside?
> >
> > Do I create a seperate share for each specific folder?
> > I want to avoid mapping more drives to the users. Can I change the access
> > permissions on the windows machines? I don't want to make it too confusing.
> > What is the best way?
> >
> I'm not sure of the best way.
> I think I would create a new group for the 'few people', and make them
> members of the group. Then change the groupid of the restricted folders
> to the new group, and turn off 'other' permissisions on said folders.
> Then you can give the share for /files to everyone.
> I'm pretty sure that'll work for you, but I'd test it to be sure.
----
this makes sense in that samba understands and respects sgid bits set on
directories but it does sort of depend upon what the share definitions
are to begin with as things like force user/group/directory/create all
have impact.
Also I think what Mike Schwartz is alluding to, is that samba is also
capable of using EACL's if the underlying file system supports them and
you might be able to use Windows permission tools to set them with the
proper setup of samba as well (nt acl support)
the official Samba 3 HowTo might be useful here...
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id2578475
Craig
More information about the PLUG-discuss
mailing list