[Samba] Shared directory contained within another shared directory

Rod securitybasics at gmail.com
Wed Mar 23 05:46:28 MDT 2011 

Thanks David. That's what I'm going to do.

On Thu, Mar 17, 2011 at 10:25 PM, David Roid <dataroid at gmail.com> wrote:
> Looking at this "A subdirectory of the hr directory
> named hrshared is shared as "hrshared" and should be accessible to
> specific users that are not part of the HR department.", it's really
> not a good decision to put it under HR directory. Setup another
> directory and share, life will be easier.
>
> 2011/3/18, Rod <securitybasics at gmail.com>:
>> Thanks, everyone. I think I'll just move that particular folder and
>> set up the share.
>>
>> On Thu, Mar 17, 2011 at 11:39 AM, Daniel Müller <mueller at tropenklinik.de>
>> wrote:
>>> IN [global]
>>> This could be:
>>> follow symlinks = yes
>>>  wide links = yes
>>>
>>> in the other groups share make:  ln –s /shared/depts/hr/hrshared
>>> /where/the/link/isset
>>> I think the link is then read only or what you set the permission
>>>
>>>
>>> EDV Daniel Müller
>>>
>>> Leitung EDV
>>> Tropenklinik Paul-Lechler-Krankenhaus
>>> Paul-Lechler-Str. 24
>>> 72076 Tübingen
>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>> eMail: mueller at tropenklinik.de
>>> Internet: www.tropenklinik.de
>>>
>>> Von: Santiago Diez [mailto:chebarbudo at gmail.com]
>>> Gesendet: Donnerstag, 17. März 2011 16:02
>>> An: mueller at tropenklinik.de
>>> Cc: Rod; samba at lists.samba.org
>>> Betreff: Re: [Samba] Shared directory contained within another shared
>>> directory
>>>
>>> In my case, the idea was that one departement already had a folder that
>>> they
>>> were used to and that they wanted to share with the rest.
>>> So instead of moving all the files, it looked simplier to just take this
>>> very folder (it was a little deeper) and share it somewhere else.
>>>
>>> Santiago
>>>
>>> On Thu, Mar 17, 2011 at 3:52 PM, Daniel Müller <mueller at tropenklinik.de>
>>> wrote:
>>> Hello,
>>>
>>> why subdirectory!? Just make two simple shares for each group.
>>> Bind them together with dfs
>>> Ex-tree: +human-resources
>>>         |
>>>         +--hr
>>>         |
>>>         +--hr_readonly
>>>
>>> [global]
>>> Host msdfs=yes
>>>
>>> [human-resources]
>>> path = /shared/depts/dfsroot
>>> msdfs root = yes
>>>
>>> [hr]
>>>        comment = Human Resources
>>>        valid users = "@DOMAIN+Personnel"
>>>        path = /shared/depts/hr
>>>        guest ok = no
>>>        read only = no
>>>        create mask = 6770
>>>        force create mode = 6770
>>>        directory  mask = 6770
>>>        force directory mode = 6770
>>>
>>> [shared_hr]
>>>        comment = Human Resources Shared information with supervisors
>>>        valid users = @DOMAIN+Personnel @"DOMAIN+Domain Admins"
>>> @"DOMAIN+hr_readonly"
>>>        path = /shared/depts/hrshared
>>>        guest ok = no
>>>        writable = yes
>>>        read list = @"DOMAIN+hr_readonly"
>>>        create mask = 6770
>>>        force create mode = 6770
>>>        directory  mask = 6770
>>>        force directory mode = 6770
>>>
>>> In /shared/depts/dfsroot as root
>>>
>>> Ln -s msdfs:yourserver\\hr hr
>>> Ln -s msdfs;yourserver\\shared_hr shared_hr
>>>
>>>
>>> -----------------------------------------------
>>> EDV Daniel Müller
>>>
>>> Leitung EDV
>>> Tropenklinik Paul-Lechler-Krankenhaus
>>> Paul-Lechler-Str. 24
>>> 72076 Tübingen
>>>
>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>> eMail: mueller at tropenklinik.de
>>> Internet: www.tropenklinik.de
>>> -----------------------------------------------
>>> -----Ursprüngliche Nachricht-----
>>> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
>>> Im
>>> Auftrag von Rod
>>> Gesendet: Donnerstag, 17. März 2011 15:26
>>> An: samba at lists.samba.org
>>> Betreff: [Samba] Shared directory contained within another shared
>>> directory
>>>
>>> Hello,
>>>
>>> I have Samba server running version 3.0.33-3.29.el5_5.1. The Samba
>>> server is a member server of a Windows 2003 domain. Winbind provides
>>> authentication.
>>>
>>> We have a physical directory named hr that is shared as "hr" and is
>>> accessible to the HR department. A subdirectory of the hr directory
>>> named hrshared is shared as "hrshared" and should be accessible to
>>> specific users that are not part of the HR department. File system
>>> permissions for the hr directory are set for the domain admin as owner
>>> and the HR department security group (in AD) as the group.  The file
>>> system permissions for the hrshared subdirectory are set for domain
>>> admin as owner and the security group that has the people that need
>>> access to the hrshared share. With permissions set as they are, users
>>> who are not part of the HR group are unable to access the hrshared
>>> folder. I'm assuming this is because the hrshared subdirectory is
>>> inheriting permissions from the parent hr directory.
>>> Here's the share specifications in smb.conf
>>>
>>> [hr]
>>>        comment = Human Resources
>>>        valid users = "@DOMAIN+Personnel"
>>>        path = /shared/depts/hr
>>>        guest ok = no
>>>        read only = no
>>>        create mask = 6770
>>>        force create mode = 6770
>>>        directory  mask = 6770
>>>        force directory mode = 6770
>>>
>>> [shared_hr]
>>>        comment = Human Resources Shared information with supervisors
>>>        valid users = @DOMAIN+Personnel @"DOMAIN+Domain Admins"
>>> @"DOMAIN+hr_readonly"
>>>        path = /shared/depts/hr/hrshared
>>>        guest ok = no
>>>        writable = yes
>>>        read list = @"DOMAIN+hr_readonly"
>>>        create mask = 6770
>>>        force create mode = 6770
>>>        directory  mask = 6770
>>>        force directory mode = 6770
>>>
>>>
>>>
>>> Is there a way to properly share a subdirectory that has different
>>> permissions than the parent directory?
>>>
>>> Any help is appreciated. Thanks.
>>>
>>> Rod
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
>>>
>>> --
>>> ____________________________________________________________________________
>>> _______
>>> TEL +33637908198 - MSN santiago.diez at free.fr - SKYPE chebarbudo - YAHOO
>>> MSG
>>> santiago_diez
>>>
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

More information about the samba mailing list