[Samba] How can I prevent deleting of primary directory while allowing full privileges to subdirectories

Jeff Boyce jboyce at meridianenv.com
Tue Mar 7 16:13:45 GMT 2006 

Greetings -

In general terms I would like to prevent users from deleting or moving a
primary directory within a share, but allow users to create / delete / move
subdirectories and files that reside under these directories.  My reason for
needing this type of setup is to prevent an accidental deletion of a common
directory and to maintain a planned directory structure at the top level of
the share.  My system information is listed below.

Linux RHES 3
Samba 3.0.9-1.3
File Server for 8 Windows boxes (2000 and XP)

The share and directory structure that explains what I would like to do is
listed below.  We have a small open office where everyone works together on
multiple projects and proposals.  The permissions currently set for the
ECOSYSTEM share are read/write/execute (0777) for the entire share, with all
subdirectories inheriting permissions.  I would like to be able to allow all
users (or a specified group) to create/delete/move directories such as
Project1, or any files under Project1, as they wish.  I would like to
prevent anyone but the administrator with root privileges from accidentally
deleting or moving the Archive, Admin, Marketing, Projects, and Reference
directories.  The pertinent details of my smb.conf are also listed below.

ECOSYSTEM
   |-----Archive
   |-----Admin
   |-----Marketing
        |-----Proposal1
        |-----Proposal2
   |-----Projects
        |-----Project1
        |-----Project2
   |-----Reference


smb.conf
#============== Global Settings
[global]
 server string = Bison samba server
 printcap name = /etc/printcap
 load printers = yes
 log file = /var/log/samba/%m.log
 max log size = 50
 unix password sync = yes
 pam password change = yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 os level = 33
 preferred master = yes
 password server = None
 guest ok = yes
 security = SHARE
 dns proxy = no

#============ Share Definitions
[homes]
 comment = Home Directories
 browseable = no
 writeable = yes
 hide dot files = yes

[printers]
 comment = All Printers
 path = /var/spool/samba
 browseable = no
 printable = yes

[ecosystem]
 path = /ecosystem
 writeable = yes
 create mask = 0777
 directory mask = 0777
 inherit permissions = yes

I have searched through the list archives and found discussion of a similar
issue at  http://marc.theaimsgroup.com/?l=samba&m=110746845920890&w=2 , but
the solution of the issue is not clearly identified.  I have read and
re-read the 'Definitive Guide to Samba 3' without success at understanding
if this is possible or not.  If anyone has implemented this type of
permissions setup, can you provide some guidance and details.  Thanks for
your assistance.

Jeff Boyce
Meridian Environmental
www.meridianenv.com

More information about the samba mailing list