[Samba] Re: samba acl's

Chris de Vidal cdevidal at yahoo.com
Wed Feb 12 21:07:34 GMT 2003


--- David.Grudek at anixter.com wrote:
> In samba now, you can have read list or write list and say this user
> and/or group has write and/or this user and/or group has read only.
> This is a scaled down version of an acl.  What if they created a folder
> called acl's and had one file called no access, one file called read,
> write, change, and full.  An entry inside these files could look
> similar to:
> /data = @domain admin, john, steve
> /data/accounting = @domain admin, @accounting, bob
>
> If these entries were in the change file then samba would restrict him
> accordingly.  I have been trying to get acl's to work and it has been
> difficult to work.  I have been thinking that maybe samba could do this
> for us without having to count on other pieces of software.

Hi David, I'm just a system engineer/admin, not a
programmer either, but from what I've seen, Samba uses
User Group Other permissions, which map to normal UGO
Unix permissions stored in the file on the filesystem.
These basic permissions are sufficient for many uses,
as you can put many users in a group to access a
directory or file.  Unix basically uses this
everywhere, as it's quite flexible.

When you're using the acl patches for EXT2/3 (from
acl.bestbits.at) or you use a filesystem with native
ACL support like XFS, and you compile Samba
--with-acl-support, you get full NT ACL support, where
you'll see several groups accessing a file with
different permissions.  We're using this on several
servers.  You must remember to remount your
filesystems with the acl option, and put it in your
fstab.

Either way, Samba relies on the file system to store
these settings.  This is exactly the same as in the NT
world.  You might have a FAT partition share where the
only permissions are share-level permissions (similar
to read/write lists in smb.conf).  If you have an NTFS
share, file permissions are stored on the file system
and combine with share-level permissions.

For more instructions on adding POSIX ACL support,
search marc.theaimsgroup.com for similar instructions
I'd given about this to other Samba users.  I learned
most of what I know now from "Teach Yourself Samba in
24 Hours," a Sams book, but I just found out there's
a new O'Reilly "Using Samba" out this month which
should contain more current and perhaps more thorough
information.  Also, check out acl.bestbits.at.

Good luck,
/dev/idal
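
An added sketch, not part of the original message or of Samba itself, of a check for the step mentioned above: it maps each share path from an smb.conf to its mount point in fstab and reports whether that filesystem is mounted so that ACLs will be stored. The sample smb.conf, fstab, share names, and the assumption that ext2/ext3 need the explicit `acl` option while XFS needs none are constructed for illustration.

```python
import configparser
# Constructed sample inputs (not from a real server).
SMB_CONF = """\
[accounting]
path = /data/accounting
write list = @accounting, bob
[public]
path = /srv/public
[scratch]
path = /xfs/scratch
"""
FSTAB = """\
/dev/sda1  /      ext3  defaults      1 1
/dev/sda3  /data  ext3  defaults,acl  1 2
/dev/sdb1  /xfs   xfs   defaults      1 2
"""
# Assumption: ext2/ext3 need the explicit "acl" mount option; XFS does not.
NEEDS_ACL_OPTION = {"ext2", "ext3"}

def parse_fstab(text):
    """Return {mountpoint: (fstype, set_of_options)}, skipping comments."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            mounts[fields[1]] = (fields[2], set(fields[3].split(",")))
    return mounts

def mount_for(path, mounts):
    """Longest mount point that is a whole-component prefix of path."""
    hits = [m for m in mounts
            if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(hits, key=len)

def audit(smb_conf, fstab):
    """Return {share: (mountpoint, acl_ready)} for each share with a path."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(smb_conf)
    mounts = parse_fstab(fstab)
    report = {}
    for share in cp.sections():
        if cp.has_option(share, "path"):
            mp = mount_for(cp.get(share, "path"), mounts)
            fstype, opts = mounts[mp]
            report[share] = (mp, fstype not in NEEDS_ACL_OPTION or "acl" in opts)
    return report

if __name__ == "__main__":
    for share, (mp, ready) in audit(SMB_CONF, FSTAB).items():
        print(f"{share:12} {mp:6} ACL-ready: {ready}")
```

A share reported as not ACL-ready still works, but only the plain user/group/other permissions on that filesystem apply to it.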
