[Samba] access controls on shares

Leandro Ariel Gomez Chavarria lgomez at cencosud.com.ar
Thu Dec 11 18:03:35 GMT 2003


I solve this using the option admin users in shares, like that:

[Finances]
	path = /Groups/Finances
	valid users = @"DOMAIN+Finances"
	admin users = @"DOMAIN+Domain Admins"

Everyone who belongs to the Finances group can access the share, but
can't modify acls from windows, but, everyone who belongs to the Domain
Admins group can modify acls without problem, if you look in the
smbstatus the connection is made by root.

>>> "Gerald (Jerry) Carter" <jerry at samba.org> 12/11/03 02:28pm >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

BuSab wrote:
| hello,
|
| I'm trying to set up a samba serveur with access controls on shares,
| like described in chapter 13 section 4 of the samba howto
collection,
| but I didn't succeed.
|
| I don't know if I need to set "security = DOMAIN", to join the
domain
| and/or to use winbind.
|
| My server is a simple domain member (the PDC is a NT4 server). I've
| tried samba 3.0.0 and 2.2.3a on a debian stable box.
|
| I've tried various configurations, on somes, got an error ("access
| denied") on the windows box while setting the ACL on the share, on
| others, got an "access denied" trying to access to the share even
with
| correct ACLs.
|
| Can anybody post a samba smb.conf ready for ACL on shares or explain
me
| a way to configure it?

you must create a local Samba account for root.  Only root
(uid == 0) can set share acls.  We're working on extending this
to use group membership (e.g. Domain Admins) but havne't
finished it yet.




- --
cheers, jerry
~
----------------------------------------------------------------------
~ Hewlett-Packard            -------------------------
http://www.hp.com 
~ SAMBA Team                 ----------------------
http://www.samba.org 
~ GnuPG Key                  ----
http://www.plainjoe.org/gpg_public.asc 
~ "If we're adding to the noise, turn off this song" --Switchfoot
(2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org 

iD8DBQE/2KlRIR7qMdg1EfYRAq3nAKDLfNhhEgctcQqtRqqUMjAk9UsKTQCfcyKG
HfhyXaoSCaf/QuU11B7kX6k=
=+JY0
-----END PGP SIGNATURE-----

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


More information about the samba mailing list