[Samba] Share-based security

Nico Kadel-Garcia nkadel at gmail.com
Sun Feb 5 15:09:53 MST 2012


On Sun, Feb 5, 2012 at 4:04 PM, Chris Smith <smb_77 at chrissmith.org> wrote:
> On Sun, Feb 5, 2012 at 3:12 PM, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
>>>> Share to expose is 'formacao' but I want it to be only writable by two AD users and read-only for everyone else.
>>>
>>> Then you would want "read only = yes", yes?
>>
>> Then the admin users wouldn't be able to write to it, would they?
>
> The "write list" parameter overrides the "read only" status for those listed.
> I'm assuming that the two users listed in "write list = " are the the
> two AD users that are desired to be the only ones who can write to the
> share.

And you're correct, the man page points this out.

I've tried to avoid this particular kind of manipulation ever since I
first used Samba (way, way too long ago!!!) because the difference
between the permissions management of of specific shares in smb.conf
and the underlying POSIX compatible filesystem based permissions were
easier to audit, safer and more robust to manage on the fileserver
side, rather than being overlaid or overwritten by any mismatched CIFS
based ownership.


More information about the samba mailing list