[Samba] subshares ?
ipguy
ipguy at optushome.com.au
Wed Jun 4 13:10:44 GMT 2003
no, my samba is not a PDC, it's a domain member server to an NT4 PDC....
i had already tried exactly what you have suggested and it doesn't work....
no matter what happens, i can access the groupB dir
----- Original Message -----
From: "Marian Mlcoch, Ing" <mm at tsmp.sk>
To: "ipguy" <ipguy at optushome.com.au>
Sent: Wednesday, June 04, 2003 10:48 PM
Subject: Re: [Samba] subshares ?
> When you write in examples i example this:
> If yor PDC is samba with shares you needed then simply set this
>
> rwxrwx--- root groupA driveA
> and all files and subdirs with this in driveA
> except driveB
>
> rwxrwx--- root groupB driveB
> and all files and subdirs with this in driveB
>
> this can change on existing by chmod 770 -R and chown,chgrp simply.
> For creating new files with this you must set proper smb.conf mask
> directives
>
>
> [driveA]
> path = /samba/driveA
> browseable = Yes
> writeable = Yes
> valid users = @groupA
> force group = groupA
>
> [driveB]
> path = /samba/driveA/driveB
> browseable = No
> writeable = Yes
> valid users = @groupB
> force group = groupB
>
> directory mask = 0770 >or inherit
> permissions = yes
> create mask = 0770
>
> Thats all folks!
>
>
> ----- Original Message -----
> From: "ipguy" <ipguy at optushome.com.au>
> To: "Marian Mlcoch, Ing" <mm at tsmp.sk>
> Sent: Wednesday, June 04, 2003 1:46 PM
> Subject: Re: [Samba] subshares ?
>
>
> >
> >
> > > Plus i dont understand
> > > valid users = PDC+groupA < this is one user name?
> > > force group = PDC+groupA
> >
> > "PDC+groupA" is a group on the domain (NT4) i chose to call PDC, as an
> > example
> > so, "valid users = PDC+groupA" means anyone in this domain group can
> access
> > the share
> > and , "force group = PDC+groupA" means, i want to force all files/dir
> > created in this share to belong to the same group, "PDC+groupA"
> >
> > > what is PDC+groupA ?
> >
> > see above....
> >
> > I'm talking winbind here...........
> >
> >
> >
> >
> >
> >
> > > Bye.
> > >
> > > ----- Original Message -----
> > > From: "ipguy" <ipguy at optushome.com.au>
> > > To: "Marian Mlcoch, Ing" <mm at tsmp.sk>
> > > Cc: <samba at lists.samba.org>
> > > Sent: Wednesday, June 04, 2003 11:38 AM
> > > Subject: Re: [Samba] subshares ?
> > >
> > >
> > > > i understand.
> > > > please read my original question....
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Marian Mlcoch, Ing" <mm at tsmp.sk>
> > > > To: "ipguy" <ipguy at optushome.com.au>
> > > > Cc: <samba at lists.samba.org>
> > > > Sent: Wednesday, June 04, 2003 6:56 PM
> > > > Subject: Re: [Samba] subshares ?
> > > >
> > > >
> > > > > No you not understand priority of permisions on NT and samba is
this
> > > > > identical but samba without ACL is simples.
> > > > >
> > > > > Highest priority to acces any file is file permision and owner on
> > linux
> > > > > filesystem respect by samba.
> > > > > Secondary is directory permision and ownership with parent respect
> > > > > structure.
> > > > > And last is share definition that set only permision implicit for
> > > network.
> > > > >
> > > > > if share is read only then all under this share is read only used
> over
> > > > this
> > > > > share but another share can be write to this or its subdirs.
> > > > > else if share is writable then only user with suficient name and
> group
> > > to
> > > > > !!share directory!! permision can write to directory structure as
is
> > > > rename
> > > > > delete or create files and subdirs. And only users and groups that
> > have
> > > > suff
> > > > > permision to exist files can read, execute or change it. This all
is
> > > > > controlled by filesystem not over samba conf (if you install
> > filesystem
> > > > with
> > > > > acl then you can set more perms on one file as clasic
> > user-group-other).
> > > > >
> > > > > Samba conf only control settings perm of new files and dirs
created
> > over
> > > > > net.
> > > > >
> > > > > Bye.
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "ipguy" <ipguy at optushome.com.au>
> > > > > To: "John H Terpstra" <jht at samba.org>
> > > > > Cc: <samba at lists.samba.org>
> > > > > Sent: Wednesday, June 04, 2003 10:33 AM
> > > > > Subject: Re: [Samba] subshares ?
> > > > >
> > > > >
> > > > > > so my only option is NT ACL support then...
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > > On Tue, 3 Jun 2003, ipguy wrote:
> > > > > > >
> > > > > > > > hi all...
> > > > > > > > i have what seems a simple question regarding subshares, for
> > lack
> > > of
> > > > a
> > > > > > better term...
> > > > > > > > say i have a share with specific user/group permissions and
a
> > > > > directory
> > > > > > inside the share that i would like to add different user/group
> > > > > > permissions...
> > > > > > > > this is an example of my smb.conf file to illustrate
> > > > > > > >
> > > > > > > > [driveA]
> > > > > > > > path = /samba/driveA
> > > > > > > > browseable = Yes
> > > > > > > > writeable = Yes
> > > > > > > > valid users = PDC+groupA
> > > > > > > > force group = PDC+groupA
> > > > > > > >
> > > > > > > > [driveB]
> > > > > > > > path = /samba/driveA/driveB
> > > > > > > > browseable = No
> > > > > > > > writeable = Yes
> > > > > > > > valid users = PDC+groupB
> > > > > > > > force group = PDC+groupB
> > > > > > > > inherit permissions = No
> > > > > > > >
> > > > > > > > shouldn't this restrict groupA users from accessing the
> subshare
> > > > > called
> > > > > > > > "driveB" located inside the share "/samba/driveA" ??
> > > > > > >
> > > > > > > driveB is a directory in /samba/driveA from the perspective of
> the
> > > > > driveA
> > > > > > > share. IT is NOT a sub-share, there is no such thing in the
> > SMB/CIFS
> > > > > > > protocol specification.
> > > > > > >
> > > > > > > That means that users of the share called driveA will be able
to
> > > > access
> > > > > > > the contents of the directory driveB as permitted by the
> > permissions
> > > > on
> > > > > > > the driveBdirectory.
> > > > > > >
> > > > > > > - John T.
> > > > > > > --
> > > > > > > John H Terpstra
> > > > > > > Email: jht at samba.org
> > > > > >
> > > > > > --
> > > > > > To unsubscribe from this list go to the following URL and read
the
> > > > > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > > > >
> > > >
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > >
>
More information about the samba
mailing list