[Samba] Shared directory contained within another shared directory
Daniel Müller
mueller at tropenklinik.de
Thu Mar 17 08:52:59 MDT 2011
Hello,
why subdirectory!? Just make two simple shares for each group.
Bind them together with dfs
Ex-tree: +human-resources
|
+--hr
|
+--hr_readonly
[global]
Host msdfs=yes
[human-resources]
path = /shared/depts/dfsroot
msdfs root = yes
[hr]
comment = Human Resources
valid users = "@DOMAIN+Personnel"
path = /shared/depts/hr
guest ok = no
read only = no
create mask = 6770
force create mode = 6770
directory mask = 6770
force directory mode = 6770
[shared_hr]
comment = Human Resources Shared information with supervisors
valid users = @DOMAIN+Personnel @"DOMAIN+Domain Admins"
@"DOMAIN+hr_readonly"
path = /shared/depts/hrshared
guest ok = no
writable = yes
read list = @"DOMAIN+hr_readonly"
create mask = 6770
force create mode = 6770
directory mask = 6770
force directory mode = 6770
In /shared/depts/dfsroot as root
Ln -s msdfs:yourserver\\hr hr
Ln -s msdfs;yourserver\\shared_hr shared_hr
-----------------------------------------------
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Rod
Gesendet: Donnerstag, 17. März 2011 15:26
An: samba at lists.samba.org
Betreff: [Samba] Shared directory contained within another shared directory
Hello,
I have Samba server running version 3.0.33-3.29.el5_5.1. The Samba
server is a member server of a Windows 2003 domain. Winbind provides
authentication.
We have a physical directory named hr that is shared as "hr" and is
accessible to the HR department. A subdirectory of the hr directory
named hrshared is shared as "hrshared" and should be accessible to
specific users that are not part of the HR department. File system
permissions for the hr directory are set for the domain admin as owner
and the HR department security group (in AD) as the group. The file
system permissions for the hrshared subdirectory are set for domain
admin as owner and the security group that has the people that need
access to the hrshared share. With permissions set as they are, users
who are not part of the HR group are unable to access the hrshared
folder. I'm assuming this is because the hrshared subdirectory is
inheriting permissions from the parent hr directory.
Here's the share specifications in smb.conf
[hr]
comment = Human Resources
valid users = "@DOMAIN+Personnel"
path = /shared/depts/hr
guest ok = no
read only = no
create mask = 6770
force create mode = 6770
directory mask = 6770
force directory mode = 6770
[shared_hr]
comment = Human Resources Shared information with supervisors
valid users = @DOMAIN+Personnel @"DOMAIN+Domain Admins"
@"DOMAIN+hr_readonly"
path = /shared/depts/hr/hrshared
guest ok = no
writable = yes
read list = @"DOMAIN+hr_readonly"
create mask = 6770
force create mode = 6770
directory mask = 6770
force directory mode = 6770
Is there a way to properly share a subdirectory that has different
permissions than the parent directory?
Any help is appreciated. Thanks.
Rod
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list