[Samba] require membership to two groups
John Drescher
drescherjm at gmail.com
Thu Dec 30 14:14:52 MST 2010
On Thu, Dec 30, 2010 at 3:56 PM, Christ Schlacta <lists at aarcane.org> wrote:
> I have some shares on a media server that are considdered "Local, offline
> content", namely they should be accessible if the rest of the network is
> down, and each system has it's own group of users who are allowed to
> maintain it. the media servers in the livingroom are only for my wife and
> I, but each person can modify the one in their own bedroom and noone elses
> bedroom. Furthermore, the users must be members of the group "Music" to be
> allowed to modify music, and the group "Videos" to be allowed to modify
> videos. currently my setup looks like this for rebirth:
>
> [videos]
> comment = Rebirth local Videos
> path = /media/local/videos
> write list = @rebirth
> force group = videos
> create mask = 0664
> force create mode = 0664
> directory mask = 0775
> force directory mode = 0775
>
> [music]
> comment = Rebirth local Music
> path = /media/local/music
> write list = @rebirth
> force group = music
> create mask = 0664
> force create mode = 0664
> directory mask = 0775
> force directory mode = 0775
>
> but my fear is that someone not in the music group will still be able to
> write to the shares. is there a way to make it explicitly require BOTH
> groups to allow writing?
Get rid of the force group and properly use ACLs on the *nix filesystem.
John
More information about the samba
mailing list