[Samba] Prevent deleting/moving of primary directory,
but allow deleting/moving of subdirectories by users
Jeff Boyce
jboyce at meridianenv.com
Wed Mar 1 23:49:24 GMT 2006
Greetings -
In general terms I would like to prevent users from deleting or moving a
primary directory within a share, but allow users to create / delete / move
subdirectories and files that reside under these directories. My reason for
needing this type of setup is to prevent an accidental deletion of a common
directory and to maintain a planned directory structure at the top level of
the share. My system information is listed below.
Linux RHES 3
Samba 3.0.9-1.3
File Server for 8 Windows boxes (2000 and XP)
The share and directory structure that explains what I would like to do is
listed below. We have a small open office where everyone works together on
multiple projects and proposals. The permissions currently set for the
ECOSYSTEM share are read/write/execute (0777) for the entire share, with all
subdirectories inheriting permissions. I would like to be able to allow all
users (or a specified group) to create/delete/move directories such as
Project1, or any files under Project1, as they wish. I would like to
prevent anyone but the administrator with root privileges from accidentally
deleting or moving the Archive, Admin, Marketing, Projects, and Reference
directories. The pertinent details of my smb.conf are also listed below.
ECOSYSTEM
|-----Archive
|-----Admin
|-----Marketing
|-----Proposal1
|-----Proposal2
|-----Projects
|-----Project1
|-----Project2
|-----Reference
smb.conf
#======================= Global Settings
=====================================
[global]
server string = Bison samba server
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba/%m.log
max log size = 50
unix password sync = yes
pam password change = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 33
preferred master = yes
password server = None
guest ok = yes
security = SHARE
dns proxy = no
#============================ Share Definitions
==============================
[homes]
comment = Home Directories
browseable = no
writeable = yes
hide dot files = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
printable = yes
[ecosystem]
path = /ecosystem
writeable = yes
create mask = 0777
directory mask = 0777
inherit permissions = yes
I have searched through the list archives and found discussion of a similar
issue at http://marc.theaimsgroup.com/?l=samba&m=110746845920890&w=2 , but
the solution of the issue is not clearly identified. I have read and
re-read the 'Definitive Guide to Samba 3' without success at understanding
if this is possible or not. If anyone has implemented this type of
permissions setup, can you provide some guidance and details. Thanks for
your assistance.
Jeff Boyce
Meridian Environmental
www.meridianenv.com
More information about the samba
mailing list