[Samba] Shared directory contained within another shared directory
Rod
securitybasics at gmail.com
Thu Mar 17 08:25:53 MDT 2011
Hello,
I have Samba server running version 3.0.33-3.29.el5_5.1. The Samba
server is a member server of a Windows 2003 domain. Winbind provides
authentication.
We have a physical directory named hr that is shared as "hr" and is
accessible to the HR department. A subdirectory of the hr directory
named hrshared is shared as "hrshared" and should be accessible to
specific users that are not part of the HR department. File system
permissions for the hr directory are set for the domain admin as owner
and the HR department security group (in AD) as the group. The file
system permissions for the hrshared subdirectory are set for domain
admin as owner and the security group that has the people that need
access to the hrshared share. With permissions set as they are, users
who are not part of the HR group are unable to access the hrshared
folder. I'm assuming this is because the hrshared subdirectory is
inheriting permissions from the parent hr directory.
Here's the share specifications in smb.conf
[hr]
comment = Human Resources
valid users = "@DOMAIN+Personnel"
path = /shared/depts/hr
guest ok = no
read only = no
create mask = 6770
force create mode = 6770
directory mask = 6770
force directory mode = 6770
[shared_hr]
comment = Human Resources Shared information with supervisors
valid users = @DOMAIN+Personnel @"DOMAIN+Domain Admins"
@"DOMAIN+hr_readonly"
path = /shared/depts/hr/hrshared
guest ok = no
writable = yes
read list = @"DOMAIN+hr_readonly"
create mask = 6770
force create mode = 6770
directory mask = 6770
force directory mode = 6770
Is there a way to properly share a subdirectory that has different
permissions than the parent directory?
Any help is appreciated. Thanks.
Rod
More information about the samba
mailing list