[Samba] I would like Samba share writable by some, readable only by other named subscribers ...

John Spence, CCSI, CCNA, CISSP jspence at native6.com
Thu Mar 3 22:44:19 GMT 2005


If I do this, reader1 is denied even directory listing - perhaps because
they are not a valid user?

------- smb.conf -------
[native6-stuff]
   path = /native6-stuff
   valid users = write1 write2 write3
   guest ok = no
   read-list = reader1
   write-list write1 write2 write3
   force group = writers
   public = no
   writable = yes
   printable = no
   create mask = 0664
   directory mask = 0664
------------ end -----------

----------- /etc/group ------------
writers:x:598:write1,write2,write3
-------- end -------


If I do this, reader1 can see the files (good), cannot create files (good),
but can modify (write) existing files (bad!)

------- smb.conf -------

[native6-stuff]
   path = /native6-stuff
   valid users = write1 write2 write3 reader1
   guest ok = no
   read-list = reader1
   write-list write1 write2 write3
   force group = writers
   public = no
   writable = yes
   printable = no
   create mask = 0664
   directory mask = 0664

------------ end -----------

The directory permissions are set so that the three writers are all in the
"writers" group, so the share ends up with files owned by the various three
writers, who can all modify each others files (group privs are read/write),
and the file and directory permissions grant "world" readership.

I want it to allow the three named writers to write, and other Samba users
to list directories and read files only.  I want other people on the network
- people with no valid Samba account at all - to have no access at all.

I obviously have something wrong.  Any hint would make my day.  Thanks

----------------------------------------------------
John Spence, CCSI, CCNA, CISSP
Native6, Inc.
IPv6 Training and Consulting
jspenceNOSPAM at native6.com
www.native6.com
----------------------------------------------------



More information about the samba mailing list