[Samba] Samba perms vs. fs perms

Sean Elble elbles at sessys.com
Sat Apr 1 22:56:35 GMT 2006


My comments are included within your original message.

On 4/1/06 5:01 PM, "Steve A" <gmane at rowyerboat.com> wrote:

> The subject's a little misleading really, but I was looking for some
> clarification of my thoughts...
> In Windows, one can use both share permissions and NTFS permissions to
> control access to files. I would normally use share permissions to control a
> connection (allow/deny), and use NTFS to control access. I would never use
> share permissions to control access whilst NTFS was capable of doing it.
> Is this relationship the same for Samba permissions and file system
> permissions? Would you ideally use Samba for connection control, and the
> file system for access control?

It is certainly possible to do things this way, using the valid users and
invalid users parameters in smb.conf. It can get rather cumbersome to use
this method though, particularly if the amount of access control necessary
gets rather fine-grained.

In addition, a lot of UNIX/Linux file systems do not support ACLs as NTFS
does. I know ext2/ext3 and XFS on Linux support ACLs, but I'm not sure if
others do as well. It's something that has been coming for a while on
various *NIX platforms, but it's still a fairly new thing for most systems.
Samba supports underlying ACL file system support on almost all UNIX file
systems that support ACLs themselves, offering great integration with
Windows clients.

> If I can sneak a related question in here... I want a 'public' share, with
> only the owner able to modify their own files, do I just use the sticky bit
> filesystem attribute on the public shared directory?

I'd imagine it would be this simple, with something like permissions of 755
or 655. I'm hoping someone else can post to verify this. :-)

> Many thanks,
> Steve :) 

|  Sean Elble                                     |
|  Virginia Tech                                  |
|  Computer Engineering, Class of 2008            |
|  Vice President, VTLUUG                         |
|  E-Mail:   elbles at sessys.com                    |

More information about the samba mailing list