[Samba] Re: How to create a write-only share?

[Scott Lovenberg]

Ash Gosh wrote:
> On Fri, Apr 4, 2008 at 6:55 PM, Ash Gosh <gosha.asha at gmail.com> wrote:
>
>   
>> Hi!
>>
>> I need to create a share that will be readoble by root only (by owner) and
>> writeable for all. We replacing a dead Windows NT 4.0 server and there was a
>> permission type called "Add" and our users uses this type of permission
>> often. They creates a shares where other users can add files but can not
>> read or even list it. I saw a thread here called "How to make "Add
>> permission" for folder in system withntacl support?<http://archives.free.net.ph/message/20071031.173732.50cc2cef.en.html>"
>> but there was no solution published. I beleive that there is a solution, I
>> hope so.
>>
>>     
>
>
> Hello,
>
> It's me again, sorry for bothering. Does this problem has a solution? I need
> to replace a dead Win NT 4 server qickly so please let's start a discussion.
> Maby I'll need to select an filesystem other than ext3 or even the server
> OS, to Solaris with ZFS for example? Please help
>
> Thanks in advance,
> Ash.
>   
I think I did this once a couple of years ago using NT style policy and 
the firewall policy object.  IIRC, I did it all at the file system 
level; each computers' SYSTEM service was allowed to write to a text 
file that it couldn't read.  The files was owned as "root:someGroup" 
with 720 perms.  This file was in a directory called 'logs' owned 
"root:someGroup" with 710 perms.  The directory that 'logs' was 
contained within was owned by "root:someGroup" with 710 perms and was 
exported as a hidden share (I think I used the '$' hidden share trick), 
which 'someGroup' was allowed to write to.  That's off the top of my 
head, and it may not be correct, but if you can mock it up with VMWare 
and a liveCD, that will at least get the ball rolling, I hope.  I'm 
fairly sure it worked as advertised, but it never made it to production, 
so I didn't document it or anything.