[Samba] ACLs and file/directory access permissions

Marek Bialoglowy mb at systemintegra.com
Tue Apr 29 16:11:14 GMT 2003


Hello,

> I personally use the the unix group permission.  If you are familiar
> with UNIX permissions then it is really easy.

Well, it could be quite hard to use if files have very specific access
rights.

Lets say I have 4 groups.

hrd (users: mark, john)
finance (users: mary, ben)
managers (users: david, daniel)
cs (users: steve, diana)

and now the access rights in share [/projects]

/projects/one
hrd: rw
finance: r
managers.david: rw
all others: forbidden

purpose: I want HRD to work on that project together with managers. Finance
should be able to view the progress but not modify anything.

/projects/two
managers: rw
finance.ben: rw
hrd.mark: r
all others: forbidden

purpose: managers are working on that project with 'ben' from finance. Other
ppl in finance shouldn't have access to this work because it is quite
sensitive project. Mark from HRD is also involved in that project but only
to review some parts of it.

/projects/three
finance: rw
managers: rw
cs.steve: rw
cs.diana: r
all others: forbidden
=== file /projects/three/final-report.doc (managers: rw, finance.mary: r,
others: forbidden)

purpose: all groups are working on that projects, but customer care employee
diana does not have need to modify anything. The final report for the
project is prepared by managers and mary from finance shoudl review if the
numers are correct. Other ppl should not have access to the final report.

If we have 50 projects and everywhere different access rights then I believe
it is very hard to configure it under linux (if possible). Under win2k it is
pretty simple. If I am right maybe 'samba' and Linux is not good solution
for such highly controled shares, even if in simplier environment it works
perfect.

Best Regards,

 M.B.



More information about the samba mailing list