Linux "NT" fileserver to interact with an NT PDC (including A CL a nd group permissions)

Mayers, P J p.mayers at ic.ac.uk
Thu Nov 18 13:27:15 GMT 1999 

No, this isn't possible. You might want to investigate the ext2 ACL patch
(http://major.rithus.co.at/acl/), which would allow you to set more than
(owner,group.other) triples. Samba doesn't yet (I think) support this, so
you can't change the ACLs with (say) Explorer, but I think Jeremy Allison
was working on it.

Cheers,
Phil

> -----Original Message-----
> From:	Paul Rogers [SMTP:paul.rogers at mis-cds.com]
> Sent:	Wednesday, November 17, 1999 9:01 PM
> To:	Multiple recipients of list SAMBA-NTDOM
> Subject:	Linux "NT" fileserver to interact with an NT PDC (including
> ACL a nd group permissions)
> 
> Hi,
> 
> I've been using samba for ages now on my workstation to interact with our
> NT
> network. I rather foolishly suggested that we should have a Linux
> fileserver
> with a RAID-5 system, instead of the NT PDC because it is starting to
> become
> overworked (ahhhh Windows can't cope - again!). I've setup Samba 2.0.3
> correctly to authenticate with our NT PDC on my workstation and all is
> hunky-dory until someone mentioned about NT's ACLs and Group permissions.
> It
> is required by the powers above me that any Group Permissions setup on the
> NT PDC are adhered to by the fileserver (in this case to be a Linux box
> running samba).
> 
> Now this is the crunch bit (because the solution may or may not have
> appeared on this list before - I apologise if this is a repeated
> question).
> If I have an NT fileserver and a Linux fileserver (running SMB), I setup a
> folder within a share that is created on both machines. Within this folder
> I
> place three files (on to both the NT and Linux server). On the NT
> fileserver, I can change the permissions by changing what groups/users
> have
> Read, Change, etc... control in the Permissions tab in the Properties
> window
> (right click on the file). Also I can change Group membership on the NT
> PDC
> and the NT server will follow what the Group lists say on the NT PDC. Can
> I
> do the same with the Linux fileserver (i.e. changing the permissions on
> each
> file so that they are different - i.e. varying groups have varied degrees
> of
> access to the files).
> 
> Imagine:
> 
> PDC:
> 
> Group called Sales which has user1 and user2 belonging to it
> Group called Tech which has user3 and user4 belonging to it
> 
> NT:
> 
> Home directories shared as \\testbox\home from C:\HOME
> Directory called products - C:\HOME\products (\\testbox\home\products)
> Under NT I can modify the permissions on the products directory to be
> readable by the group Tech and read-write access to the group Sales.
> Therefore everyone else has no access to this directory.
> 
> Linux:
> 
> Home directories shared as \\testbox2\home from /home
> Directory called products - /home/products (\\testbox2\home\products)
> Under Linux how would I setup samba to have multiple permissions setup
> over
> multiple groups, because under linux, you can have users belonging to
> multiple groups, but files / directories can only be owned by one group.
> The
> products directory would belong to the group Sales hence owned by
> user1.Sales and the permissions in octal would be 770 disallowing access
> from everyone. But this will not allow for the technical group to have
> read-only access
> 
> Is it possible for a samba share on linux to be able to use the NT
> Groups/Permissions setup on the PDC?
> 
> You're confused aren't you? - I know I am!
> 
> 	Paul Rogers,
> 	Development Analyst.
> 
> 	For and on behalf of MIS Corporate Defence Solutions Limited
> 
> 	Tel:	44 (0)1622 723400	Switchboard
> 		44 (0)1622 723422	Direct Line
> 	Fax:	44 (0)1622 728690
> 
> 	e-mail : paul.rogers at mis-cds.com <mailto:paul.rogers at mis-cds.com>
> 	web site : <http://www.mis-cds.com>
> 
> The information contained in this message or any of its attachments may be
> privileged and confidential and intended for the exclusive use of the
> addressee. If you are not the addressee any disclosure, reproduction,
> distribution or other dissemination or use of this communications is
> strictly prohibited. If you have received this transmission in error,
> please
> contact our Security Manager on 44 (0) 1622 723400.

More information about the samba-ntdom mailing list