[Samba] How do i set different permission for a shared directory?

Thierry ITTY thierry.itty at besancon.org
Fri May 10 07:02:07 GMT 2002

the simpliest way would be to let unix permission system do the job
have only one share : /docusers
each user is connected under its own name (both windows and unix sense)
its home dir is writable for him
all the dirs are readable by the docu group

all you have to do is to set the same primary group for all the users

you would have :
user "paul", primary group "docu", home /docusers/paul
user "peter", primary group "docu", home /docusers/peter
drwxr-xr-x root docu /docusers
drwxr-x--- paul docu /docusers/paul
drwxr-x--- peter docu /docusers/peter
 path = /docusers
 writable = yes

on the unix side, samba shares /docusers without any restriction, access
permissions are handled at the os level

on the windows side, users connect to only one share, Doc_Users, in which
they are all able to read all files but can't write only in their own

of course this supposes you have no other constraints that would prohibit
such a configuration...


A 01:18 10/05/02 -0500, vous avez écrit :
>Would really appreciate any advise on how the security setting should be
>I have running Samba ver 2.0.7 on HPUX10.20. Clients run Windows 200 PCs,
>WinNT4 PDC.
>"docusers"  is the UNIX home directory for document users. their individual
>home dir is created under their user id.
>so, Paul 's home  directory structure is :
>Below is an extract from the smb.conf  file.
>	comment = Private Unix file area (%u)
>	path = %H
>	writeable = Yes
>	create mask = 0750
>	strict locking = Yes
>	path = /docusers
>	valid users = @docu
>With the above, users with UNIX a/c in the docu group can only read all the
>subdirectories under docusers which is mapped as a dir (eg. L:/Doc_Users) in
>their PC's Windows Explorer . 
>Now, the requirement is for all users to be able to read all the directories
>under /Doc_Users but be able to write only to his own home directory in the
>same drive mapped (L:). 
>I have looked at the samba config file via SWAT but is not very sure how to
>make this happens. In the advanced view, there is additional options for a
>write list and read list. The help says this field can include userid or
>group (@docu), but what is the equivilent of the %u - that is the user id?).
>Really appreciate any advise.
>Thank You.
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba
			- * - * - * - * - * - * -
Bien sûr que je suis perfectionniste !
Mais ne pourrais-je pas l'être mieux ?
	Thierry ITTY
eMail : Thierry.Itty at Besancon.org		FRANCE

More information about the samba mailing list