[Samba] subshares ?

Marian Mlcoch, Ing mm at tsmp.sk
Wed Jun 4 08:56:56 GMT 2003 

No you not understand priority of permisions on NT and samba is this
identical but samba without ACL is simples.

Highest priority to acces any file is file permision and owner on linux
filesystem respect by samba.
Secondary is directory permision and ownership with parent respect
structure.
And last is share definition that set only permision implicit for network.

if share is read only then all under this share is read only used over this
share but another share can be write to this or its subdirs.
else if share is writable then only user with suficient name and group to
!!share directory!! permision can write to directory structure as is rename
delete or create files and subdirs. And only users and groups that have suff
permision to exist files can read, execute or change it. This all is
controlled by filesystem not over samba conf (if you install filesystem with
acl then you can set more perms on one file as clasic user-group-other).

Samba conf only control settings perm of new files and dirs created over
net.

Bye.

----- Original Message -----
From: "ipguy" <ipguy at optushome.com.au>
To: "John H Terpstra" <jht at samba.org>
Cc: <samba at lists.samba.org>
Sent: Wednesday, June 04, 2003 10:33 AM
Subject: Re: [Samba] subshares ?


> so my only option is NT ACL support then...
>
>
>
>
>
> > On Tue, 3 Jun 2003, ipguy wrote:
> >
> > > hi all...
> > > i have what seems a simple question regarding subshares, for lack of a
> better term...
> > > say i have a share with specific user/group permissions and a
directory
> inside the share that i would like to add different user/group
> permissions...
> > > this is an example of my smb.conf file to illustrate
> > >
> > > [driveA]
> > > path = /samba/driveA
> > > browseable = Yes
> > > writeable = Yes
> > > valid users = PDC+groupA
> > > force group = PDC+groupA
> > >
> > > [driveB]
> > > path = /samba/driveA/driveB
> > > browseable = No
> > > writeable = Yes
> > > valid users = PDC+groupB
> > > force group = PDC+groupB
> > > inherit permissions = No
> > >
> > > shouldn't this restrict groupA users from accessing the subshare
called
> > > "driveB" located inside the share "/samba/driveA" ??
> >
> > driveB is a directory in /samba/driveA from the perspective of the
driveA
> > share. IT is NOT a sub-share, there is no such thing in the SMB/CIFS
> > protocol specification.
> >
> > That means that users of the share called driveA will be able to access
> > the contents of the directory driveB as permitted by the permissions on
> > the driveBdirectory.
> >
> > - John T.
> > --
> > John H Terpstra
> > Email: jht at samba.org
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list