[Samba] Serving MS Access Databases, with ACL

jayendren anand maduray jayendren at hivsa.com
Thu Nov 1 14:35:17 GMT 2007 

Hi Dale, thanks for the explanation.

I understand were you are coming from now.

I certainly hope to be of help to you someday.

God bless.

Dale Schroeder wrote:
> I have nothing against posix acl's.  In fact, I make sure I install 
> the acl package on every Debian system I build.  It's just a 
> preference.  I like the way things behave with group permissions.  I 
> prefer to administer through permissions.  If I use posix acl's, it is 
> usually to remove a permission rather than add.  If it is your 
> preference to set controls via acl's, then do what is most comfortable 
> for you.
>
> Conversely, I use Windows acl's quite a bit to fine tune access on 
> shares _from_ Windows systems.  The flexibility is much greater in 
> Windows acl's, and do much more for me than posix acl's.  That being 
> said, I still prefer the power of posix systems for servers, and use 
> them whenever feasible. More info 
> here: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id376593
>
> I am not the world's foremost expert on nix; just someone like you, 
> learning new things, using that which I've experienced to try to help 
> someone else.  I hope I've done some of that for you! :-\
>
> Dale
>
> jayendren anand maduray wrote:
>> Hi Dale.
>>
>> Thank you for this.
>>
>> I will try some tests.
>> Can you elaborate on why you do not like ACLs?
>> Had some bad experiences?
>>
>> God bless.
>>
>> Dale Schroeder wrote:
>>> Jayendren,
>>>
>>> Rather than acls, my preference (and it's only a preference) would 
>>> be to create a group for the database users.  Add user1 and user2 to 
>>> that group.  Then ==>
>>>
>>> chown root.database_group /srv/samba/file-server/studies/databases
>>>
>>> For security, let the permissions of this directory be no greater 
>>> than 775.  (It looks like that is what you already have.)  If you go 
>>> with MySQL, you can customize the access levels on a user-by-user 
>>> basis on global settings, database settings, table settings, etc.  
>>> The security options list is quite extensive.  If you prefer GUI 
>>> administration of MySQL (I do), Navicat is the program of choice.  
>>> http://www.navicat.com/
>>> It's not free, but is an affordable extension to a free database server.
>>>
>>> The only things I would say need changing in your smb.conf are:
>>> create mode = 0775
>>> veto oplock files = /*.mdb/*.MDB*/*  #don't forget the trailing 
>>> slash (/)
>>>
>>> Good luck to you, Nick, and Nico.
>>>
>>> Dale
>>>
>>> jayendren anand maduray wrote:
>>>> Hi Dale.
>>>>
>>>> Thanks for this, would you guys be able to send me a complete 
>>>> example, that would allow read/write access for two users
>>>> (you can call them user1, and user2)
>>>>
>>>> Alternatively, you can comment on this one:
>>>> --
>>>> Creating the directories, and set permissions:
>>>>
>>>> #mkdir /srv/samba/file-server/studies/databases
>>>> #setfacl -R -m u:user1:rwx,u:user2:rwx 
>>>> /srv/samba/file-server/studies/databases
>>>> #getfacl /srv/samba/file-server/studies/databases
>>>> # file:
>>>> # owner: root
>>>> # group: root
>>>> user::rwx
>>>> user:user1:rwx
>>>> user:user2:rwx
>>>> group::r-x
>>>> mask::rwx
>>>> other::r-x
>>>>
>>>>
>>>> The share entry in smb.conf:
>>>>
>>>> [databases]
>>>>         path = /srv/samba/file-server/studies/databases
>>>>         create mode = 0777
>>>>         writeable = yes
>>>>         browseable = yes
>>>>         valid users = user1 user2 root
>>>>         writelist = user1 user2 root
>>>>         veto oplock files = /*.mdb/*.MDB
>>>>         nt acl support = yes
>>>>         nt pipe support = yes
>>>>         nt status support = yes
>>>>         inherit permissions = yes
>>>>         inherit acls = yes
>>>>
>>>> #smbcontrol smbd reload-config
>>>> Global parameter acl compatibility found in service section!
>>>> --
>>>> Nick/Nico, we must look at moving access databases to SQL/MySQL 
>>>> backends, soon.
>>>> (See message from Dale/David below)
>>>>
>>>> God bless.
>>>>
>>>> Dale Schroeder wrote:
>>>>> jayendren anand maduray wrote:
>>>>>> Hi All.
>>>>>> Greetings from South Africa.
>>>>>>
>>>>>> I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10
>>>>>> Its serving about 200 users, with profiles, and domain logons.
>>>>>>
>>>>>> I want to start serving MS Access Databases on it, with the  best 
>>>>>> speed performance as possible.
>>>>>> At the moment, the back ends for these databases, are about 200+ 
>>>>>> MB, and will grow over the next few years.
>>>>>>
>>>>>> Basically, the share should serve about 4 users, with read/write 
>>>>>> access.
>>>>>> I am using the XFS file system, with ACL support.
>>>>>>
>>>>>> Has anyone setup such shares in smb.conf?
>>>>>> I would really like to see an example.
>>>>>>
>>>>>> Lastly, I do not think I want to use oplocks.
>>>>> That's a wise choice. In the share, use:
>>>>>
>>>>> veto oplock files = /*.mdb/*.MDB/
>>>>>
>>>>> David's suggestion about splitting the databases into Access 
>>>>> frontend and MySQL backend is also wise.  It has been my 
>>>>> experience that large Access databases corrupt quite easily.  That 
>>>>> no longer happens in the setup David mentioned.
>>>>>
>>>>> Dale
>>>>>>
>>>>>> Any help, will be greatly appreciated.
>>>>>>
>>>>>> God bless.
>>>>>>
>>>> *Ellison, David* david.ellison at atkinsglobal.com 
>>>> <mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20Serving%20MS%20Access%20Databases%2C%20with%20ACL&In-Reply-To=47288B56.2010206%40hivsa.com>
>>>> /Wed Oct 31 15:03:52 GMT 2007/
>>>> Greetings,
>>>>
>>>> This is a little off topic, but may be usefull to you. If the DB is
>>>> going to grow much more than that, I would use a real SQL backend to the
>>>> database. The MS Access DB backend is ok, however starts to suffer when
>>>> they become huge, by the sounds of things they may. I am sure there are
>>>> people with 700mb, 900mb etc Access databases, but its best to split the
>>>> front end from the database and use a SQL database like MySQl for the
>>>> backend.
>>>>
>>>> Just food for thought :)
>>>>
>>>> Cheers.
>>>> Dave
>>>>
>>>> -- 
>>>> Jayendren Anand Maduray
>>>> Microsoft Certified Professional
>>>> Network Plus
>>>> Senior IT Administrator
>>>>
>>>> Perinatal HIV Research Unit
>>>> Wits Health Consortium
>>>> University of the Witwatersrand
>>>>
>>>> Alternate email address: jayendren at mweb.co.za
>>>> Fax Number: 0866857317
>>>>
>>>> ...There are 10 types of people, 
>>>> those who understand binary 
>>>> and those who do not...
>>>>   
>>>> ------------------------------------------------------------------------
>>>>
>>>> No virus found in this incoming message.
>>>> Checked by AVG. 
>>>> Version: 7.5.503 / Virus Database: 269.15.15/1101 - Release Date: 10/31/2007 10:06 AM
>>>>   
>>
>> -- 
>> Jayendren Anand Maduray
>> Microsoft Certified Professional
>> Network Plus
>> Senior IT Administrator
>>
>> Perinatal HIV Research Unit
>> Wits Health Consortium
>> University of the Witwatersrand
>>
>> Alternate email address: jayendren at mweb.co.za
>> Fax Number: 0866857317
>>
>> ...There are 10 types of people, 
>> those who understand binary 
>> and those who do not...
>>   
>> ------------------------------------------------------------------------
>>
>> No virus found in this incoming message.
>> Checked by AVG. 
>> Version: 7.5.503 / Virus Database: 269.15.17/1103 - Release Date: 11/1/2007 6:01 AM
>>   

-- 
Jayendren Anand Maduray
Microsoft Certified Professional
Network Plus
Senior IT Administrator

Perinatal HIV Research Unit
Wits Health Consortium
University of the Witwatersrand

Alternate email address: jayendren at mweb.co.za
Fax Number: 0866857317

...There are 10 types of people, 
those who understand binary 
and those who do not...

More information about the samba mailing list