[Samba] Samba directory level security
Robert LeBlanc
robert at leblancnet.us
Tue Oct 6 08:11:48 MDT 2009
Is the use of ACLs a possibility? Iv'e explained to someone yesterday how to
use ACLs in Samba with ADS. It works very well for us and we are doing
exactly what you want except that we only share out the root (www directory
in your instance) and control everything using ACLs.
Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University
On Tue, Oct 6, 2009 at 7:03 AM, Poulter, Dale
<dale.poulter at vanderbilt.edu>wrote:
> Good morning all,
>
> We are moving our web server from novell to unix (solaris) and will be
> using samba to allow users to edit web pages. Our samba instance
> authenticates using ADS and the users do not necessarily have accounts on
> the server itself. We are attempting to allow users to map a single samba
> share but only see the directories they have read access to (see
> configuration below). Any suggestions?
>
>
> We have
>
> /www (main share)
> /www/dir1
> /www/dir2
> /www/dir3
>
> everyone should map to /www
>
> group should see something like
> dir1
> dir2
> dir3
>
> group2
> dir1
> dir2
>
>
> [www]
> path = /www
> read only = yes
> browseable = no
> guest ok = no
> write list= @Domain\All_Editors
> public = no
> force user=web
> hide unreadable=yes
> [dir1]
> path = /www/dir1
> read only = no
> browseable = no
> guest ok = no
> write list= @Domain\DIR1_Editors
> public = no
> force user=web
> hide unreadable=yes
>
> --Dale
>
> ---------------------------------------
> Dale Poulter
> Automation Coordinator
> Library Information Technology Services
> Vanderbilt University
> Suite 700
> 110 21st Avenue South
> Nashville, TN 37240
> (615)343-5388
> (615)343-8834 (fax)
> (615)207-9705 (cell)
> dale.poulter at vanderbilt.edu<mailto:dale.poulter at vanderbilt.edu>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list