oliver at mm.gop.de
Tue Jul 20 20:03:21 GMT 1999
"Cole, Timothy D." wrote:
> Hrm; are you talking about "faking" full ACLs in Samba itself (probably
> using metadata stored in files someplace)
Yes, that's exactly what I need.
I need a "special share" which supports the NT file permissions. So, I
can add quick some users for read or write access for one single file
or directory without building UNIX-groups....
> I'm don't think the former is a good idea: it causes the burden of access
> control to fall on Samba, rather than the OS. Among other things, that
> would allow (indeed, require, if the underlying OS did not support ACLs) the
> access granted by Samba and the OS to get out of sync.
Yes, thats right. Samba has to do the whole access control stuff.
would be a special share like this:
comment = Foo Stuff
path = /samba_fs/foo
full NT acl = yes
acl file = /samba_fs/acl/foo_acl.dbm
force user = foo_user
force group = foo_group
"full NT acl" switch on the NT ACL support and "acl file = ...." is a
holding the NT ACL information. This database can only changed from NT
More information about the samba-technical