[Samba] force user and read only

Dennis B. Hopp dhopp at coreps.com
Fri Oct 24 15:25:14 GMT 2008

On Fri, 2008-10-24 at 17:08 +0200, Urs Golla wrote:
> This works only if the samba user is also the owner of the file.

Please CC the list so that other users can benefit from this
conversation and if I'm mistaken, somebody else can correct me.

The users (or groups) will still need file system permissions to access
the directories/files, regardless of what samba gives them access to.
So you will need to make sure the permissions on the Linux file system
allow those users/groups access. 

You could place all the developers in a group and give that group read
access (so mode 740).  And then in the smb.conf file use


(the @ sign may have to go outside the quotes, I can't remember off the
top of my head)

Or maybe a better option is the "read list" option instead of "valid

If you aren't using groups (or need more then one group to access it)
then you will need to have the file system mounted with the "acl" option
so that you can place extended acls on the directories for each


> On Fri, Oct 24, 2008 at 5:00 PM, Dennis B. Hopp <dhopp at coreps.com> wrote:
> >
> >
> > On Fri, 2008-10-24 at 08:45 +0200, Urs Golla wrote:
> >> Hi
> >>
> >> I need a share with read-only access for some developers (to read
> >> logfiles). the logfiles are owned by the application user and group
> >> and have 700 permissions. I have set up the share like this:
> >>
> >>         path = /applicationx/logs
> >>         read only = Yes
> >>         valid users =  "MYDOMAIN+DEVELOPER1"
> >>         force user = applicationx
> >>
> >
> > You shouldn't need the "force user" setting if this is read only.  That
> > setting is so that samba will force that user to be the owner of any
> > files written to the share.
> >
> > If you want it to be read only, the only thing you should have to set is
> > "read only = yes".
> >
> > --Dennis
> >
> >

More information about the samba mailing list