[Samba] How do i set different permission for a shared
thierry.itty at besancon.org
Fri May 10 07:02:07 GMT 2002
the simpliest way would be to let unix permission system do the job
have only one share : /docusers
each user is connected under its own name (both windows and unix sense)
its home dir is writable for him
all the dirs are readable by the docu group
all you have to do is to set the same primary group for all the users
you would have :
user "paul", primary group "docu", home /docusers/paul
user "peter", primary group "docu", home /docusers/peter
drwxr-xr-x root docu /docusers
drwxr-x--- paul docu /docusers/paul
drwxr-x--- peter docu /docusers/peter
path = /docusers
writable = yes
on the unix side, samba shares /docusers without any restriction, access
permissions are handled at the os level
on the windows side, users connect to only one share, Doc_Users, in which
they are all able to read all files but can't write only in their own
of course this supposes you have no other constraints that would prohibit
such a configuration...
A 01:18 10/05/02 -0500, vous avez écrit :
>Would really appreciate any advise on how the security setting should be
>I have running Samba ver 2.0.7 on HPUX10.20. Clients run Windows 200 PCs,
>"docusers" is the UNIX home directory for document users. their individual
>home dir is created under their user id.
>so, Paul 's home directory structure is :
>Below is an extract from the smb.conf file.
> comment = Private Unix file area (%u)
> path = %H
> writeable = Yes
> create mask = 0750
> strict locking = Yes
> path = /docusers
> valid users = @docu
>With the above, users with UNIX a/c in the docu group can only read all the
>subdirectories under docusers which is mapped as a dir (eg. L:/Doc_Users) in
>their PC's Windows Explorer .
>Now, the requirement is for all users to be able to read all the directories
>under /Doc_Users but be able to write only to his own home directory in the
>same drive mapped (L:).
>I have looked at the samba config file via SWAT but is not very sure how to
>make this happens. In the advanced view, there is additional options for a
>write list and read list. The help says this field can include userid or
>group (@docu), but what is the equivilent of the %u - that is the user id?).
>Really appreciate any advise.
>To unsubscribe from this list go to the following URL and read the
- * - * - * - * - * - * -
Bien sûr que je suis perfectionniste !
Mais ne pourrais-je pas l'être mieux ?
eMail : Thierry.Itty at Besancon.org FRANCE
More information about the samba