[Samba] require membership to two groups

John Drescher drescherjm at gmail.com
Thu Dec 30 14:14:52 MST 2010


On Thu, Dec 30, 2010 at 3:56 PM, Christ Schlacta <lists at aarcane.org> wrote:
> I have some shares on a media server that are considered "Local, offline
> content", namely they should be accessible if the rest of the network is
> down, and each system has its own group of users who are allowed to
> maintain it.  The media servers in the living room are only for my wife and
> I, but each person can modify the one in their own bedroom and no one else's
> bedroom.  Furthermore, the users must be members of the group "Music" to be
> allowed to modify music, and the group "Videos" to be allowed to modify
> videos.  Currently my setup looks like this for rebirth:
>
> [videos]
>        comment = Rebirth local Videos
>        path = /media/local/videos
>        write list = @rebirth
>        force group = videos
>        create mask = 0664
>        force create mode = 0664
>        directory mask = 0775
>        force directory mode = 0775
>
> [music]
>        comment = Rebirth local Music
>        path = /media/local/music
>        write list = @rebirth
>        force group = music
>        create mask = 0664
>        force create mode = 0664
>        directory mask = 0775
>        force directory mode = 0775
>
> But my fear is that someone not in the music group will still be able to
> write to the shares.  Is there a way to make it explicitly require BOTH
> groups to allow writing?

Get rid of the force group and properly use ACLs on the *nix filesystem.

John
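
One way to apply the advice above to the [music] share, as an added example that is not part of the original messages. It assumes the UNIX groups `rebirth` and `music` from the post and uses a setgid directory plus a default POSIX ACL as the filesystem side; the root commands in the comments are one possible setup, not something the thread specifies.

```ini
# Filesystem side (run once as root). Only members of "music" get write
# permission on the tree; everyone else is read-only.
#
#   chgrp -R music /media/local/music
#   chmod -R u=rwX,g=rwX,o=rX /media/local/music
#   # setgid on directories: new files and subdirectories keep group "music"
#   find /media/local/music -type d -exec chmod g+s {} +
#   # default ACL: entries created later stay writable by "music"
#   find /media/local/music -type d -exec setfacl -d -m g:music:rwx {} +
#   # inspect the result
#   getfacl /media/local/music
#
# Samba side. With "force group = music" every connection runs with
# primary group "music", so the group permission check on disk passes for
# any user in the write list, whether or not that user is in "music".
# Without it, smbd accesses files with the connecting user's own groups,
# and a write has to pass two independent checks:
#   1. share level:      the user is matched by "write list" (@rebirth)
#   2. filesystem level: the user is in "music" (group rwx on the tree)

[music]
        comment = Rebirth local Music
        path = /media/local/music
        # everyone may read; only the write list may open files for writing
        read only = yes
        write list = @rebirth
        # no "force group" line here
        create mask = 0664
        force create mode = 0664
        directory mask = 0775
        force directory mode = 0775
```

To confirm the behaviour, connect as a test account that is in `rebirth` but not in `music` and try to upload a file; the write should be refused by the filesystem even though the share-level write list matches. The [videos] share follows the same pattern with the `videos` group.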

