[Samba] Share-based security

Nico Kadel-Garcia nkadel at gmail.com
Sun Feb 5 13:12:17 MST 2012


On Sun, Feb 5, 2012 at 1:15 PM, Chris Smith <smb_77 at chrissmith.org> wrote:
> On Sat, Feb 4, 2012 at 6:22 AM, Bruno Martins <bmartins at galileu.pt> wrote:
>> [formacao]
>>        comment = Partilha Formacao
>>        path = /home/joe/Formacao
>>        guest ok = yes
>>        browseable = yes
>>        read only = no
>>        write list = bmartins, amoreira
>>
>> Share to expose is 'formacao' but I want it to be only writable by two AD users and read-only for everyone else.
>
> Then you would want "read only = yes", yes?

Then the admin users wouldn't be able to write to it, would they?

Another common way to do this is to set the ownership of the share on
the UNIX or Linux server side to be group-writable for agroup that
contains those two administrative users, setting directories with
permissions 2775 to enforce consistent directory ownersip. You can get
fancier with the smb.conf as above, but it's often unnecessary.


More information about the samba mailing list