Samba suggestion. (.smbaccess)

David Lee T.D.Lee at durham.ac.uk
Thu Oct 5 15:16:30 GMT 2000


On Thu, 5 Oct 2000, Ries van Twisk wrote:

> It's just a idea and maybe I'm way off with this, also possible this is 
> not the right list to but here it is.
> 
> would it be nice if a user could create a '.smbaccess' file just like 
> apache does. I understand that this would create some overhead 
> reading and processing this file but this would extend the flexibility of 
> samba a great deal.

As of 2.0.7 there is a feature called "inherit permissions" which might
help.  See the smb.conf(5) man page in 2.0.7 .

This is its history: 

About 18 months ago, we started using Samba in earnest.  In our
preparations before that, one of the limitations I very quickly came
across was the inability to do "per-directory" configuration, such as
within a user's home directory.

I toyed with the idea of implementing a scheme such as you suggest: a
".smb<something>" file to override the share characteristics.  But I
realised that it would be a significant project (not huge, but not
trivial). 

I also realised that there would be ambiguities involving symlinks: if a
symlink went across several directories, what would happen?  Would the
".files" be applied (i.e. modifying the "share" characteristics) by
following the symlink directly or by following through the real path? 

But I then realised:
[1] most of our users were unsophisticated, and wouldn't explicitly
    need this (although we, as their service providers had a particular
    application on their behalf that would need one feature);
[2] for the small, aware, remainder, a much simpler scheme would suffice,
    which would meet 95% of their needs (and their awareness would enable
    them to cope with most of the remaining 5%).
Further, our use in [1], and most of the use in [2] were the same.

So we invented "inherit permissions", which creates all new files and
subdirectories with permissions inherited from the immediate parent. 
Very non-UNIX, but very like the way our users think:
  "this thing (relatively high-level directory) is a private/group/public
  project".

So take a look at 2.0.7's "inherit permissions".  Hope it helps.

-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/~dcl0tdl            South Road            :
:                                           Durham                :
:  Phone: +44 191 374 2882                  U.K.                  :





More information about the samba-technical mailing list