multilevel directory security levels in samba

David Collier-Brown davec-b at
Sun Oct 17 15:08:06 GMT 2004

tommy trojan <usc_trojan81 at> wrote:
| i would like to know how multilevel directory security can be
| implemented in samba. for example, if i have a folder called
|  public,which can be accessed by anyone and inside it i have
| a folder called private, which can be accessed by selected
| users only. Is there a way of implementing such an architecture?

   In samba as such, not directly.  Samba only understands DAC
(discretionary access control), the only MAC (mandatory access
control) is in the allow and deny lists.
   It can be approximated by ACLs or permissions, below the
level of samba, but I think there is a possible hole in
the smb mount programs, which could dodge this IFF the
mount was done as root on the client...

--dave (it's been a long time since I did
          proof schemas for secure systems (;-)) c-b
David Collier-Brown,         | Always do right. This will gratify
Software Engineer and Author | some people and astonish the rest
davecb at           |                      -- Mark Twain

More information about the samba-technical mailing list