[Samba] Samba directory level security

Poulter, Dale dale.poulter at Vanderbilt.Edu
Tue Oct 6 09:42:43 MDT 2009


Robert,

ACLs may be possible.  Do I understand correctly that you only have the one share and you still force the user to be the webserver user?

From: Robert LeBlanc [mailto:robert at leblancnet.us]
Sent: Tuesday, October 06, 2009 9:12 AM
To: Poulter, Dale
Cc: samba at lists.samba.org
Subject: Re: [Samba] Samba directory level security

Is the use of ACLs a possibility? Iv'e explained to someone yesterday how to use ACLs in Samba with ADS. It works very well for us and we are doing exactly what you want except that we only share out the root (www directory in your instance) and control everything using ACLs.

Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University

On Tue, Oct 6, 2009 at 7:03 AM, Poulter, Dale <dale.poulter at vanderbilt.edu<mailto:dale.poulter at vanderbilt.edu>> wrote:
Good morning all,

We are moving our web server from novell to unix (solaris) and will be using samba to allow users to edit web pages.  Our samba instance authenticates using ADS and the users do not necessarily have accounts on the server itself.  We are attempting to allow users to map a single samba share but only see the directories they have read access to (see configuration below).  Any suggestions?


We have

/www (main share)
/www/dir1
/www/dir2
/www/dir3

everyone should map to /www

group should see something like
dir1
dir2
dir3

group2
dir1
dir2


[www]
      path = /www
      read only = yes
      browseable = no
      guest ok = no
      write list= @Domain\All_Editors
      public = no
      force user=web
      hide unreadable=yes
[dir1]
      path = /www/dir1
      read only = no
      browseable = no
      guest ok = no
      write list= @Domain\DIR1_Editors
      public = no
      force user=web
      hide unreadable=yes

--Dale

---------------------------------------
Dale Poulter
Automation Coordinator
Library Information Technology Services
Vanderbilt University
Suite 700
110 21st Avenue South
Nashville, TN  37240
(615)343-5388
(615)343-8834 (fax)
(615)207-9705 (cell)
dale.poulter at vanderbilt.edu<mailto:dale.poulter at vanderbilt.edu><mailto:dale.poulter at vanderbilt.edu<mailto:dale.poulter at vanderbilt.edu>>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



More information about the samba mailing list