[Samba] Access control question

Jay Ts jay at metran.cx
Mon Jul 15 13:33:37 GMT 2002

Vicky Clarke wrote:
> In a samba share with domain authentication on an ext2 filesystem, is there 
> any sensible way to allow creation of folders, files and so on inside it 
> other than making the share directory world-writeable on the Unix system?

Look into running winbind on the Samba server. It will allow you to
use the user and group information from the Windows PDC, and they
will appear and function as users and groups on the Samba host
system (Unix).  Using winbind, files and directories on the Unix
system can be owned by domain users whose accounts are maintained
on the Windows PDC.

There is a help file (docs/htmldocs/winbind.html) in the Samba source
tree that covers this.  I will warn you that it is somewhat complicated
to configure. You have to re-configure your name service switch (nsswitch),
and also modify your PAM (pluggable authentication modules) system ...
and you also may need to recompile from source to get the winbindd
daemon, and add it to your system startup scripts (SysV Init).

> I know I've heard about 
> a Linux filesystem which has NT-style ACLs, but I've also heard that it's 
> experimental, which doesn't sound ideal for something that's going to be 
> pretty heavily used.

Windows NT ACLs can be supported on Linux by installing the ACL patch
for the Linux kernel.  Again, this is a relatively complicated procedure.
I wouldn't call it "experimental", it's just a function that isn't
included in the mainstream Linux source code.

Jay Ts
jay at jayts.cx

More information about the samba mailing list