[Samba] Access control question.

Andrew Sherlock-CF andrew.sherlock at bbc.co.uk
Wed Nov 21 17:06:48 GMT 2007 

Is it out of the question to create many different shares and then
secure the system on a per-share basis?

I'm securing shares individually using Active Directory.
In each share config I have:
valid users=@MR_ADGROUP_FOR_WRITING @MR_ADGROUP_FOR_READING
write list=@MR_ADGROUP_FOR_WRITING
read list=@MR_ADGROUP_FOR_READING

Create different groups for each share and you're golden.

Of course, this model can be followed without AD.

------------------- 

> -----Original Message-----
> From: samba-bounces+andrew.sherlock=bbc.co.uk at lists.samba.org 
> [mailto:samba-bounces+andrew.sherlock=bbc.co.uk at lists.samba.or
> g] On Behalf Of Matt Lozier
> Sent: 21 November 2007 15:58
> To: samba at lists.samba.org
> Subject: [Samba] Access control question.
> 
> Hello,
> 
>  
> 
> I have a general administrative question concerning Samba shares.
> 
>  
> 
> I have a large amount of data that about 25 users have 
> limited access to.  I
> only want these users to have access to a sub-set of this 
> data, but I also
> only want the users to see that which they have access to.
> 
>  
> 
> So, for example, suppose that the share looks like thus: 
> 
> /smbshare
> 
> /smbshare/dir1
> 
> /smbshare/dir2
> 
> /smbshare/dir3
> 
>  
> 
> And I only want the users to see that they have access to 
> /smbshare/dir1 and
> /smbshare/dir3.  The way that this is currently setup is that I have
> symlinks from the user's home directory to /smbshare/dir1 and
> /smbshare/dir3.  That way then the user maps their home 
> share, they only see
> dir1 and dir3 - dir2 is out of sight, and thus (hopefully) 
> out of mind.
> 
>  
> 
> Is there a better way to implement what I'm trying to do?  
> I'm currently
> looking into setting up permissions as an LDAP directory and 
> using this as
> the means to control access to the data - have also 
> considered using ACLs -
> not sure which way to go!
> 
>  
> 
> Any and all help / input is appreciated.
> 
>  
> 
> Thank you,
> 
> Matt
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 

http://www.bbc.co.uk/
This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system.
Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately.
Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.

More information about the samba mailing list