[Samba] require membership to two groups
Christ Schlacta
lists at aarcane.org
Thu Dec 30 16:17:11 MST 2010
On 12/30/2010 13:14, John Drescher wrote:
> On Thu, Dec 30, 2010 at 3:56 PM, Christ Schlacta <lists at aarcane.org> wrote:
>> I have some shares on a media server that are considered "Local, offline
>> content", namely they should be accessible if the rest of the network is
>> down, and each system has its own group of users who are allowed to
>> maintain it. The media servers in the living room are only for my wife and
>> I, but each person can modify the one in their own bedroom and no one else's
>> bedroom. Furthermore, the users must be members of the group "Music" to be
>> allowed to modify music, and the group "Videos" to be allowed to modify
>> videos. Currently my setup looks like this for rebirth:
>>
>> [videos]
>> comment = Rebirth local Videos
>> path = /media/local/videos
>> write list = @rebirth
>> force group = videos
>> create mask = 0664
>> force create mode = 0664
>> directory mask = 0775
>> force directory mode = 0775
>>
>> [music]
>> comment = Rebirth local Music
>> path = /media/local/music
>> write list = @rebirth
>> force group = music
>> create mask = 0664
>> force create mode = 0664
>> directory mask = 0775
>> force directory mode = 0775
>>
>> But my fear is that someone not in the music group will still be able to
>> write to the shares. Is there a way to make it explicitly require BOTH
>> groups to allow writing?
> Get rid of the force group and properly use ACLs on the *nix filesystem.
>
> John
The system is built around zfs, which sadly doesn't properly support
*nix ACLs yet. Otherwise I would. zfs-fuse + ZFS-acls = bad things
happen easily.
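
An added example, not part of the original message or of Samba: a small Python audit of the configuration quoted above that lists users who are on a share's write list but not members of its forced group. It assumes the share tree is group-writable by the forced group (as the 0775/0664 modes in the post imply) and that membership comes from /etc/group-style text; the sample data and function names are constructed for illustration.

```python
import configparser

# Constructed sample data, /etc/group format (not from the original post).
SAMPLE_GROUPS = "rebirth:x:1001:alice,bob\nmusic:x:1002:alice,carol\n"

# The [music] share from the post, reduced to the options that matter here.
SAMPLE_CONF = """
[music]
path = /media/local/music
write list = @rebirth
force group = music
"""

def parse_groups(text):
    """Map group name -> set of supplementary members (primary GIDs ignored)."""
    groups = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _pw, _gid, members = line.strip().split(":", 3)
            groups[name] = {m for m in members.split(",") if m}
    return groups

def expand(write_list, groups):
    """Resolve a 'write list' value to user names; @, + and & mark groups."""
    users = set()
    for entry in write_list.replace(",", " ").split():
        if entry[0] in "@+&":
            users |= groups.get(entry.lstrip("@+&"), set())
        else:
            users.add(entry)
    return users

def audit(conf_text, groups):
    """Per share: write-list users who act as the forced group without being in it."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    report = {}
    for share in cp.sections():
        forced = cp.get(share, "force group", fallback="").strip()
        if not forced:
            continue
        writers = expand(cp.get(share, "write list", fallback=""), groups)
        if forced.startswith("+"):
            # '+group' is applied only to users already in that group.
            report[share] = []
        else:
            report[share] = sorted(writers - groups.get(forced, set()))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, parse_groups(SAMPLE_GROUPS)))
```

With the constructed data, bob is in rebirth but not in music and is reported for the [music] share; with `force group = +music` the report for that share is empty, because the forced group then applies only to users who are already members.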