[Samba] Prevent deleting/moving of primary directory, but allow deleting/moving of subdirectories by users

Jeff Boyce jboyce at meridianenv.com
Wed Mar 1 23:49:24 GMT 2006

Greetings -

In general terms I would like to prevent users from deleting or moving a 
primary directory within a share, but allow users to create / delete / move 
subdirectories and files that reside under these directories.  My reason for 
needing this type of setup is to prevent an accidental deletion of a common 
directory and to maintain a planned directory structure at the top level of 
the share.  My system information is listed below.

Linux RHES 3
Samba 3.0.9-1.3
File Server for 8 Windows boxes (2000 and XP)

The share and directory structure that explains what I would like to do is 
listed below.  We have a small open office where everyone works together on 
multiple projects and proposals.  The permissions currently set for the 
ECOSYSTEM share are read/write/execute (0777) for the entire share, with all 
subdirectories inheriting permissions.  I would like to be able to allow all 
users (or a specified group) to create/delete/move directories such as 
Project1, or any files under Project1, as they wish.  I would like to 
prevent anyone but the administrator with root privileges from accidentally 
deleting or moving the Archive, Admin, Marketing, Projects, and Reference 
directories.  The pertinent details of my smb.conf are also listed below.


#======================= Global Settings 
 server string = Bison samba server
 printcap name = /etc/printcap
 load printers = yes
 log file = /var/log/samba/%m.log
 max log size = 50
 unix password sync = yes
 pam password change = yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 os level = 33
 preferred master = yes
 password server = None
 guest ok = yes
 security = SHARE
 dns proxy = no

#============================ Share Definitions 
 comment = Home Directories
 browseable = no
 writeable = yes
 hide dot files = yes

 comment = All Printers
 path = /var/spool/samba
 browseable = no
 printable = yes

 path = /ecosystem
 writeable = yes
 create mask = 0777
 directory mask = 0777
 inherit permissions = yes

I have searched through the list archives and found discussion of a similar 
issue at  http://marc.theaimsgroup.com/?l=samba&m=110746845920890&w=2 , but 
the solution of the issue is not clearly identified.  I have read and 
re-read the 'Definitive Guide to Samba 3' without success at understanding 
if this is possible or not.  If anyone has implemented this type of 
permissions setup, can you provide some guidance and details.  Thanks for 
your assistance.

Jeff Boyce
Meridian Environmental

More information about the samba mailing list