multilevel directory security levels in samba
David Collier-Brown
davec-b at rogers.com
Sun Oct 17 15:08:06 GMT 2004
tommy trojan <usc_trojan81 at yahoo.co.uk> wrote:
| i would like to know how multilevel directory security can be
| implemented in samba. for example, if i have a folder called
| public,which can be accessed by anyone and inside it i have
| a folder called private, which can be accessed by selected
| users only. Is there a way of implementing such an architecture?
In samba as such, not directly. Samba only understands DAC
(discretionary access control), the only MAC (mandatory access
control) is in the allow and deny lists.
It can be approximated by ACLs or permissions, below the
level of samba, but I think there is a possible hole in
the smb mount programs, which could dodge this IFF the
mount was done as root on the client...
--dave (it's been a long time since I did
proof schemas for secure systems (;-)) c-b
--
David Collier-Brown, | Always do right. This will gratify
Software Engineer and Author | some people and astonish the rest
davecb at spamcop.net | -- Mark Twain
More information about the samba-technical
mailing list