samba problem

Eric "Shubes" plug at shubes.net
Wed Mar 29 13:51:37 MST 2006


Craig White wrote:
> On Wed, 2006-03-29 at 12:13 -0700, Eric "Shubes" wrote:
>> Nathan England wrote:
>>> I have a folder called /files
>>> everyone has access to this folder, but there are a few folders inside that 
>>> only a few people are allowed to access. What is the best way to allow 
>>> everyone access to the /files directory but only allow those required to have 
>>> access to the specific folders inside?
>>>
>>> Do I create a seperate share for each specific folder? 
>>> I want to avoid mapping more drives to the users. Can I change the access 
>>> permissions on the windows machines? I don't want to make it too confusing. 
>>> What is the best way?
>>>
>> I'm not sure of the best way.
>> I think I would create a new group for the 'few people', and make them 
>> members of the group. Then change the groupid of the restricted folders 
>> to the new group, and turn off 'other' permissisions on said folders. 
>> Then you can give the share for /files to everyone.
>> I'm pretty sure that'll work for you, but I'd test it to be sure.
> ----
> this makes sense in that samba understands and respects sgid bits set on
> directories but it does sort of depend upon what the share definitions
> are to begin with as things like force user/group/directory/create all
> have impact.

Various settings can have an impact, but it should work nicely using a 
vanilla (default settings) share. Again, KISS.

> Also I think what Mike Schwartz is alluding to, is that samba is also
> capable of using EACL's if the underlying file system supports them and
> you might be able to use Windows permission tools to set them with the
> proper setup of samba as well (nt acl support)
> 
> the official Samba 3 HowTo might be useful here...
> 
> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id2578475

Great document and reference.

> 
> Craig
> 


-- 
-Eric 'shubes'
****************************************************
This message has been scanned using Contraxx
Technology Group mail server v8.0.3 and is virus free.
Message sent from Mail Server 3
****************************************************


More information about the PLUG-discuss mailing list