[Samba] samba file server in active directory domain - manage acls
mikael.kermorgant at gmail.com
Fri Oct 17 10:57:14 GMT 2008
On Fri, Oct 17, 2008 at 12:56 PM, Mikael Kermorgant <
mikael.kermorgant at gmail.com> wrote:
> On Thu, Oct 16, 2008 at 7:45 PM, Sébastien Prud'homme <
> sebastien.prudhomme at gmail.com> wrote:
>> 2008/10/16 Mikael Kermorgant <mikael.kermorgant at gmail.com>:
>> > Hello,
>> > I'm considering moving our windows shares (2003 domain) to a samba
>> > to improve performance, setup clustering and use scheduled lvm
>> > However, I've not clarified how our current security policy would be
>> > on this server and like to ask you some things (sorry, I'm sure they
>> > have been posted but there is so much on this topic to read I prefer to
>> > again)
>> > Currently, we manage security on our shares by :
>> > * giving full control to everybody at the "share" level
>> > * restricting rights at the "security" level
>> > By switching to samba, we face a set of challenges :
>> > * Changes to our security policy. We will have to manage security at the
>> > linux/samba level and this raises some questions:
>> > - is it still possible to keep the security management at the file level
>> > giving full control at the share level and thus eliminating botherings
>> > this side) ? I know there are some limitations when mapping posix acls
>> > windows one but that might be acceptable.
>> No problem if you edit Posix ACL directly. I advise not to use the
>> Security tab in Windows (when you right click on a file/directory and
>> change the Properties) to modify ACL.
>> > - I've tried to manage posix acls on ext3 via konqueror which I could find a
>> > good alternative to windows' gui but I'd prefer a web front end. Would
>> > have some nice web gui to recommend ?
>> The only one I know is a Webmin module:
Thanks for this info, I'll check how it works.
Regarding your advice not to use the security tab in windows, that's a
possibility I wasn't aware of. If I have understood how it works, you have
to mount the share under a specific letter (S: for example), and then you
can manage security from there. As this would surely be the easiest solution
in our migration, could you please indicate what the drawbacks would be ?