[Samba] Serving MS Access Databases, with ACL
jayendren anand maduray
jayendren at hivsa.com
Thu Nov 1 14:35:17 GMT 2007
Hi Dale, thanks for the explanation.
I understand were you are coming from now.
I certainly hope to be of help to you someday.
God bless.
Dale Schroeder wrote:
> I have nothing against posix acl's. In fact, I make sure I install
> the acl package on every Debian system I build. It's just a
> preference. I like the way things behave with group permissions. I
> prefer to administer through permissions. If I use posix acl's, it is
> usually to remove a permission rather than add. If it is your
> preference to set controls via acl's, then do what is most comfortable
> for you.
>
> Conversely, I use Windows acl's quite a bit to fine tune access on
> shares _from_ Windows systems. The flexibility is much greater in
> Windows acl's, and do much more for me than posix acl's. That being
> said, I still prefer the power of posix systems for servers, and use
> them whenever feasible. More info
> here: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id376593
>
> I am not the world's foremost expert on nix; just someone like you,
> learning new things, using that which I've experienced to try to help
> someone else. I hope I've done some of that for you! :-\
>
> Dale
>
> jayendren anand maduray wrote:
>> Hi Dale.
>>
>> Thank you for this.
>>
>> I will try some tests.
>> Can you elaborate on why you do not like ACLs?
>> Had some bad experiences?
>>
>> God bless.
>>
>> Dale Schroeder wrote:
>>> Jayendren,
>>>
>>> Rather than acls, my preference (and it's only a preference) would
>>> be to create a group for the database users. Add user1 and user2 to
>>> that group. Then ==>
>>>
>>> chown root.database_group /srv/samba/file-server/studies/databases
>>>
>>> For security, let the permissions of this directory be no greater
>>> than 775. (It looks like that is what you already have.) If you go
>>> with MySQL, you can customize the access levels on a user-by-user
>>> basis on global settings, database settings, table settings, etc.
>>> The security options list is quite extensive. If you prefer GUI
>>> administration of MySQL (I do), Navicat is the program of choice.
>>> http://www.navicat.com/
>>> It's not free, but is an affordable extension to a free database server.
>>>
>>> The only things I would say need changing in your smb.conf are:
>>> create mode = 0775
>>> veto oplock files = /*.mdb/*.MDB*/* #don't forget the trailing
>>> slash (/)
>>>
>>> Good luck to you, Nick, and Nico.
>>>
>>> Dale
>>>
>>> jayendren anand maduray wrote:
>>>> Hi Dale.
>>>>
>>>> Thanks for this, would you guys be able to send me a complete
>>>> example, that would allow read/write access for two users
>>>> (you can call them user1, and user2)
>>>>
>>>> Alternatively, you can comment on this one:
>>>> --
>>>> Creating the directories, and set permissions:
>>>>
>>>> #mkdir /srv/samba/file-server/studies/databases
>>>> #setfacl -R -m u:user1:rwx,u:user2:rwx
>>>> /srv/samba/file-server/studies/databases
>>>> #getfacl /srv/samba/file-server/studies/databases
>>>> # file:
>>>> # owner: root
>>>> # group: root
>>>> user::rwx
>>>> user:user1:rwx
>>>> user:user2:rwx
>>>> group::r-x
>>>> mask::rwx
>>>> other::r-x
>>>>
>>>>
>>>> The share entry in smb.conf:
>>>>
>>>> [databases]
>>>> path = /srv/samba/file-server/studies/databases
>>>> create mode = 0777
>>>> writeable = yes
>>>> browseable = yes
>>>> valid users = user1 user2 root
>>>> writelist = user1 user2 root
>>>> veto oplock files = /*.mdb/*.MDB
>>>> nt acl support = yes
>>>> nt pipe support = yes
>>>> nt status support = yes
>>>> inherit permissions = yes
>>>> inherit acls = yes
>>>>
>>>> #smbcontrol smbd reload-config
>>>> Global parameter acl compatibility found in service section!
>>>> --
>>>> Nick/Nico, we must look at moving access databases to SQL/MySQL
>>>> backends, soon.
>>>> (See message from Dale/David below)
>>>>
>>>> God bless.
>>>>
>>>> Dale Schroeder wrote:
>>>>> jayendren anand maduray wrote:
>>>>>> Hi All.
>>>>>> Greetings from South Africa.
>>>>>>
>>>>>> I have a Samba LDAP server (v 3.022) running on Ubuntu 6.10
>>>>>> Its serving about 200 users, with profiles, and domain logons.
>>>>>>
>>>>>> I want to start serving MS Access Databases on it, with the best
>>>>>> speed performance as possible.
>>>>>> At the moment, the back ends for these databases, are about 200+
>>>>>> MB, and will grow over the next few years.
>>>>>>
>>>>>> Basically, the share should serve about 4 users, with read/write
>>>>>> access.
>>>>>> I am using the XFS file system, with ACL support.
>>>>>>
>>>>>> Has anyone setup such shares in smb.conf?
>>>>>> I would really like to see an example.
>>>>>>
>>>>>> Lastly, I do not think I want to use oplocks.
>>>>> That's a wise choice. In the share, use:
>>>>>
>>>>> veto oplock files = /*.mdb/*.MDB/
>>>>>
>>>>> David's suggestion about splitting the databases into Access
>>>>> frontend and MySQL backend is also wise. It has been my
>>>>> experience that large Access databases corrupt quite easily. That
>>>>> no longer happens in the setup David mentioned.
>>>>>
>>>>> Dale
>>>>>>
>>>>>> Any help, will be greatly appreciated.
>>>>>>
>>>>>> God bless.
>>>>>>
>>>> *Ellison, David* david.ellison at atkinsglobal.com
>>>> <mailto:samba%40lists.samba.org?Subject=%5BSamba%5D%20Serving%20MS%20Access%20Databases%2C%20with%20ACL&In-Reply-To=47288B56.2010206%40hivsa.com>
>>>> /Wed Oct 31 15:03:52 GMT 2007/
>>>> Greetings,
>>>>
>>>> This is a little off topic, but may be usefull to you. If the DB is
>>>> going to grow much more than that, I would use a real SQL backend to the
>>>> database. The MS Access DB backend is ok, however starts to suffer when
>>>> they become huge, by the sounds of things they may. I am sure there are
>>>> people with 700mb, 900mb etc Access databases, but its best to split the
>>>> front end from the database and use a SQL database like MySQl for the
>>>> backend.
>>>>
>>>> Just food for thought :)
>>>>
>>>> Cheers.
>>>> Dave
>>>>
>>>> --
>>>> Jayendren Anand Maduray
>>>> Microsoft Certified Professional
>>>> Network Plus
>>>> Senior IT Administrator
>>>>
>>>> Perinatal HIV Research Unit
>>>> Wits Health Consortium
>>>> University of the Witwatersrand
>>>>
>>>> Alternate email address: jayendren at mweb.co.za
>>>> Fax Number: 0866857317
>>>>
>>>> ...There are 10 types of people,
>>>> those who understand binary
>>>> and those who do not...
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> No virus found in this incoming message.
>>>> Checked by AVG.
>>>> Version: 7.5.503 / Virus Database: 269.15.15/1101 - Release Date: 10/31/2007 10:06 AM
>>>>
>>
>> --
>> Jayendren Anand Maduray
>> Microsoft Certified Professional
>> Network Plus
>> Senior IT Administrator
>>
>> Perinatal HIV Research Unit
>> Wits Health Consortium
>> University of the Witwatersrand
>>
>> Alternate email address: jayendren at mweb.co.za
>> Fax Number: 0866857317
>>
>> ...There are 10 types of people,
>> those who understand binary
>> and those who do not...
>>
>> ------------------------------------------------------------------------
>>
>> No virus found in this incoming message.
>> Checked by AVG.
>> Version: 7.5.503 / Virus Database: 269.15.17/1103 - Release Date: 11/1/2007 6:01 AM
>>
--
Jayendren Anand Maduray
Microsoft Certified Professional
Network Plus
Senior IT Administrator
Perinatal HIV Research Unit
Wits Health Consortium
University of the Witwatersrand
Alternate email address: jayendren at mweb.co.za
Fax Number: 0866857317
...There are 10 types of people,
those who understand binary
and those who do not...
More information about the samba
mailing list