[Samba] Samba Permission
Felipe Augusto van de Wiel
felipe at paranacidade.org.br
Tue Sep 19 14:00:29 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
On 09/18/2006 09:15 AM, dazamaz escreveu:
> Hi guys,
Don't forget the girls... :)
> I have been setting up a samba server to share some directorys around my
> office network. Now I have been successful in making these shared directorys
> so that everyone can access them, but what I really need to do is to make
> the shares to have limited accessibility.
> What I need is to have 1 folder that is completely Private to everyone else
> but 1 user and everytime I have tried this using the samba share gui (by
> clicking on the option saying only allow this user) noone, not even that
> 'allowed' user, can access it.
You can use 'valid users' for that.
> Also I need to make a folder that people can traverse to and read the
> contents of and can dump content into this folder but are not allowed to
> delete any content contained in the folder.
You can use combinations of 'force user', 'inherit owner',
'force mode' and even FileSystem ACLs.
> I have been able to get the permissions going so that they are read only and
> read/write but I cannot make the permissions to the exact specifcations that
> I need.
Complex permissions settings needs complex configurations. :)
> 1 more thing, I thought that maybe I needed to use chmod to change the
> permissions on the directorys to allow for this but, correct if I'm wrong
> please, the 3 numbers don't they represent owner, group and then world?
> So with this I decided to make the permissions according to groups but then
> I found out that I needed to allocate the permissions on the 'world' part in
> order for them to be effective over the network. Thus stopping me from using
> groups to allocate permissions.
In fact, 4 numbers, special bits, owner, group and others.
But you should use samba resources to take care of permission.
Probably you will need FileSystem ACLs (POSIX ACLs) to handle that.
> Any help on my situation would be greatly appreciated.
> Sorry for the rather lengthy post but I thought if I add as much detail as I
> could it would make it easier for someone to help me out.
No problem. :)
> Cheers guys,
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba