[Samba] I would like Samba share writable by some, readable only by other named subscribers ...

John H Terpstra jht at samba.org
Thu Mar 3 23:53:42 GMT 2005


On Thursday 03 March 2005 15:44, John Spence, CCSI, CCNA, CISSP wrote:
> If I do this, reader1 is denied even directory listing - perhaps because
> they are not a valid user?

You really are doing this the hard way. Have you considered making the files
at the file system level fully read/write for all users and then just setting
share level ACLs for access control? This is covered under "Samba Share ACLs".

See chapter 14 "File, Directory and Share Access Control" in the 
Samba-HOWTO-Collection.pdf available from:

http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf

- John T.

>
> ------- smb.conf -------
> [native6-stuff]
>    path = /native6-stuff
>    valid users = write1 write2 write3
>    guest ok = no
>    read-list = reader1
>    write-list write1 write2 write3
>    force group = writers
>    public = no
>    writable = yes
>    printable = no
>    create mask = 0664
>    directory mask = 0664
> ------------ end -----------
>
> ----------- /etc/group ------------
> writers:x:598:write1,write2,write3
> -------- end -------
>
>
> If I do this, reader1 can see the files (good), cannot create files (good),
> but can modify (write) existing files (bad!)
>
> ------- smb.conf -------
>
> [native6-stuff]
>    path = /native6-stuff
>    valid users = write1 write2 write3 reader1
>    guest ok = no
>    read-list = reader1
>    write-list write1 write2 write3
>    force group = writers
>    public = no
>    writable = yes
>    printable = no
>    create mask = 0664
>    directory mask = 0664
>
> ------------ end -----------
>
> The directory permissions are set so that the three writers are all in the
> "writers" group, so the share ends up with files owned by the various three
> writers, who can all modify each others files (group privs are read/write),
> and the file and directory permissions grant "world" readership.
>
> I want it to allow the three named writers to write, and other Samba users
> to list directories and read files only.  I want other people on the
> network - people with no valid Samba account at all - to have no access at
> all.
>
> I obviously have something wrong.  Any hint would make my day.  Thanks
>
> ----------------------------------------------------
> John Spence, CCSI, CCNA, CISSP
> Native6, Inc.
> IPv6 Training and Consulting
> jspenceNOSPAM at native6.com
> www.native6.com
> ----------------------------------------------------

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
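
An smb.conf-only way to express the writers/readers split asked about in the quoted post, added here as an example; it is not from either poster and is separate from the share-ACL approach recommended in the reply. User, group and path names are the ones from the quoted post; the share is made read-only by default and write access is granted by name.

```ini
[native6-stuff]
   path = /native6-stuff

   # Only these authenticated accounts may connect at all.
   # Anyone without a valid Samba account is refused.
   valid users = write1 write2 write3 reader1
   guest ok = no

   # Default for everyone who connects: no writes through this share.
   # ("writable = yes" in the quoted config is the inverse of this setting.)
   read only = yes

   # Exceptions to "read only": the parameter name is spelled with a
   # space, and every assignment needs "name = value".
   write list = write1 write2 write3

   # New files and directories get the shared group so the three
   # writers can modify each other's files.
   force group = writers
   create mask = 0664

   # Directories need the execute (search) bit to be listed and
   # traversed; 0664 would strip it from newly created directories.
   directory mask = 0775

   printable = no
```

Running `testparm` on the file reports unknown parameter names, which is a quick check that each access-control line is actually being applied.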

