[Samba] Samba Permission

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Tue Sep 19 14:00:29 GMT 2006

Hash: SHA1

On 09/18/2006 09:15 AM, dazamaz escreveu:
> Hi guys,

	Don't forget the girls... :)

> I have been setting up a samba server to share some directorys around my
> office network. Now I have been successful in making these shared directorys
> so that everyone can access them, but what I really need to do is to make
> the shares to have limited accessibility.
> What I need is to have 1 folder that is completely Private to everyone else
> but 1 user and everytime I have tried this using the samba share gui (by
> clicking on the option saying only allow this user) noone, not even that
> 'allowed' user, can access it.

	You can use 'valid users' for that.

> Also I need to make a folder that people can traverse to and read the
> contents of and can dump content into this folder but are not allowed to
> delete any content contained in the folder.

	You can use combinations of 'force user', 'inherit owner',
'force mode' and even FileSystem ACLs.

> I have been able to get the permissions going so that they are read only and
> read/write but I cannot make the permissions to the exact specifcations that
> I need.

	Complex permissions settings needs complex configurations. :)

> 1 more thing, I thought that maybe I needed to use chmod to change the
> permissions on the directorys to allow for this but, correct if I'm wrong
> please, the 3 numbers don't they represent owner, group and then world?
> So with this I decided to make the permissions according to groups but then
> I found out that I needed to allocate the permissions on the 'world' part in
> order for them to be effective over the network. Thus stopping me from using
> groups to allocate permissions.

	In fact, 4 numbers, special bits, owner, group and others.

	But you should use samba resources to take care of permission.
Probably you will need FileSystem ACLs (POSIX ACLs) to handle that.

> Any help on my situation would be greatly appreciated.
> Sorry for the rather lengthy post but I thought if I add as much detail as I
> could it would make it easier for someone to help me out.

	No problem. :)

> Cheers guys,
> sincerely
> daza

	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org


More information about the samba mailing list