[Samba] simple right question
jeroen.vriesman at hivos.nl
Mon Feb 5 13:37:25 GMT 2007
I got the following situation, a share called "Bureaus", with the follwong
where A,B,C.. are the bureau names
under all the bureau names are directories:
For all the bureau names.
I've got groups, a groups, everyone is a member of "Domain Users", and that's
also always the primary group.
And, a group A, a group B etc, and groups "Task1 A", Task1 B"..."Task2 A" etc.
The simple idea is to give everyone access to Bureaus, only those who are member
of group A can go into /Bureaus/A, and only those who are a member of group
"Task1 A" can go to /Bureaus/A/Task1 and do there whatevery they want.
So fa so good, I've made acl's which allow "Domain Users" to r-x /Bureau,
without passing this to the subdirectories, an acl which allows r-x to group A
(also without allowing this to subfolders) for /Bureau/A, and for
/Bureau/A/Task1 including subdirectories the acl is "allow group Task1
That works fine.
But now for the Archive directory, the /Bureau/A/Archive should be read-only for
members of the group A, and read-write for members of the group "Archive Mods
And that's the problem, if I add an acl (with the windows rights management
stuff) for the group A to have read-only right for /Bureau/A/Archive and
subdirectories, and for the same directories an acl with "allow everything" for
members of the group "Archive Mods A", then the effitive rights for members of
"Archive Mods A" is read-only, since the most restrictive rights apply.
What I expected at first was that the rights would be additive and only a deny
would have the effect which I'm seeing now.
How can I make it work?
The options I have:
global: map acl inherit = Yes
The share /Bureaus:
path = /samba/Bureau
public = no
browseable = yes
writable = yes
printable = no
force create mode = 0770
directory mask = 0770
security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mode = 0
hide unreadable = yes
More information about the samba