[Samba] Problems with Access Control for Shares on Samba 2

kurt weiss maillists at kwnet.at
Sat Jan 29 07:34:00 GMT 2005


hi again :-)

u can use the unix rights to do that:
===========================================================================
if e.g. all users are members of group "win"
hobbit directory must have rights 2770 and has owner root.win
share:
[hobbit]
   comment = only the owner can write
   path = /ALPHA-DATA/hobbit5
   create mode = 0640
   force create mode = 0640
   directory mode = 2770
   force directory mode = 2770

so all users (of group win) has read access and the owner can write.
the "2" bit in directory mode ensures, that newly created directories 
and files has the correct group (win)
===========================================================================
if u want to access all other users, it will be something like this:
[hobbit]
   comment = only the owner can write
   path = /ALPHA-DATA/hobbit5
   create mode = 0644
   force create mode = 0644
   directory mode = 0777
   force directory mode = 0777
===========================================================================
i prefer the first version (it's more secure)

i hope thats the answer u expected...



-- 
mit freundlichen grüssen
========================================================
ing. kurt weiss,             A-6425 Haiming, Gartenweg 3
Tel.: +43 699 1 272 9926    /    Fax: +43 699 4 272 9926
E-Mail: info at kwnet.at
Web: http://www.kwnet.at/ || http://www.oberlandinfo.at/

www.kwnet.at                   ...one step to the future
edv  internet   programmierung   informationstechnologie
mfh servicepoint west                 http://www.mfh.at/
========================================================
empfehlungen:===========================================
suche nach wissen:               http://de.wikipedia.org
legale, gute gratissoftware:  http://www.sourceforge.net
                             http://www.heise.de/software
suche im internet:                  http://www.google.at
========================================================


remote schrieb:

> Hi all !
> 
> I have a question regarding the access control in Samba 2. I want to make shares available to the Windows Network for which only the owner of the share has write access. Other users however should be able to read and browse these shares. 
> My smb.conf : 
> 
> global]
>    workgroup = leat
>    guest account = nobody
>    keep alive = 30
>    os level = 2
>    kernel oplocks = false
>    security = user
> 
> [hobbit5]
>     comment = hobbit5 
>     path = /ALPHA-DATA/hobbit5
>     browseable = yes
>     read only = no 
>     guest = ok
>     valid user = hobbit5 
> ;    force user = hobbit5
> 
> As far as I understand Samba, with this configuration any Samba user should be able to browse and read the hobbit5 - share, while only hobbit5 himself can write and delete within this share. 
> However, what happens is that any Samba user can see the share in the Network Neighborhood, but except for hobbit5, none can enter it. Windows tells me that either the path is not correct or I don´t have the network privileges to do this. 
> 
> What do I do wrong ?
> 
> Thanks,
> 
> Jörg



More information about the samba mailing list