[Samba] How to set file/folder permission flexibly in Samba

Andy Zhou/ICILSZX andyzhou at icil.net
Mon Nov 3 05:59:29 GMT 2008

Hi All,  
I am using Samba 3.0.10 on IBM server with REHL 4 Os. The detailed infromation as below.  
[root at ufhkglx02 samba]# uname -a
Linux ufhkglx02 2.6.9-67.ELsmp #1 SMP Wed Nov 7 13:58:04 EST 2007 i686 i686 i386 GNU/Linux
[root at ufhkglx02 samba]# cat /etc/redhat-release
Red Hat Enterprise Linux ES release 4 (Nahant Update 6)  
[root at ufhkglx02 samba]# smbstatus -V
Version 3.0.25b-0.4E.6  
Currently,  we are planning to migration NT domain to Samba domain, and the file/folders controlled by NT domain controller on NT server will be migrated to Linux server with Samba domain. But the problem is:   
How to restore the permission for file/folders.  
Because in Nt domain, there are some files/folders with special permissions, for example:  
UserA and UserB just read folderA  
UserC and UserD can read/write folderA.  
In Nt domian, it's easy to do so, we can set such permission by click "Security' button in folder A's  Property. But with Samba, it's so difficulty. Because folderA will be migrated to a root directory in Linux server, such as /Dept, that is:  
And we require all users can read/access folder Dept, but cannot access folder A except User A, B, C and D (with special permission). Maybe it can set group to meet such requirement, but we don't like to do so, because it's not flexible, we have large mounts of file/folders with special permission.   
Of course, we can set such settings in smb.conf:  

[Folder A]
         path = /folderA
         valid users = UserA, UserB, UserC, UserD   
         writeable = yes
         read list = UserA, UserB
         write list = UserC, UserD
         create mask = 770
         directory mask = 770  
But with such setting,  the folderA will under / directory, while not /Dept, because we have so many folders need to be shared with special permission, we don't like to set too many folders under  / partition, we need to set those folders all under /Dept.  
Therefore, my questions are:  
1. Is there any way to meet my requirement?   
2. Is  there any way to let user control the permissions by themselves? Because with Samba domain, user cannot change the permissin setting  in folder's security button, even though we set "nt acl support = Yes" in Global setting in smb.conf. Does samba 3.0.25 support "nt acl support"?   
Any pointers will be very appreciated. Thank you.

Best Regards
Andy Zhou/ICILSZX  

More information about the samba mailing list