[Samba] force user and read only
Dennis B. Hopp
dhopp at coreps.com
Fri Oct 24 15:25:14 GMT 2008
On Fri, 2008-10-24 at 17:08 +0200, Urs Golla wrote:
> This works only if the samba user is also the owner of the file.
>
Please CC the list so that other users can benefit from this
conversation and if I'm mistaken, somebody else can correct me.
The users (or groups) will still need file system permissions to access
the directories/files, regardless of what samba gives them access to.
So you will need to make sure the permissions on the Linux file system
allow those users/groups access.
You could place all the developers in a group and give that group read
access (so mode 740). And then in the smb.conf file use
valid users = "@MYDOMAIN+DEVELOPERGROUP"
(the @ sign may have to go outside the quotes, I can't remember off the
top of my head)
Or maybe a better option is the "read list" option instead of "valid
users"
If you aren't using groups (or need more then one group to access it)
then you will need to have the file system mounted with the "acl" option
so that you can place extended acls on the directories for each
user/group.
--Dennis
> On Fri, Oct 24, 2008 at 5:00 PM, Dennis B. Hopp <dhopp at coreps.com> wrote:
> >
> >
> > On Fri, 2008-10-24 at 08:45 +0200, Urs Golla wrote:
> >> Hi
> >>
> >> I need a share with read-only access for some developers (to read
> >> logfiles). the logfiles are owned by the application user and group
> >> and have 700 permissions. I have set up the share like this:
> >>
> >> path = /applicationx/logs
> >> read only = Yes
> >> valid users = "MYDOMAIN+DEVELOPER1"
> >> force user = applicationx
> >>
> >
> > You shouldn't need the "force user" setting if this is read only. That
> > setting is so that samba will force that user to be the owner of any
> > files written to the share.
> >
> > If you want it to be read only, the only thing you should have to set is
> > "read only = yes".
> >
> > --Dennis
> >
> >
More information about the samba
mailing list