[Samba] Dir ACL through windows and chmod
Rowland Penny
rpenny at samba.org
Wed Apr 12 09:13:01 UTC 2017
On Wed, 12 Apr 2017 11:26:15 +0300
Dmitry via samba <samba at lists.samba.org> wrote:
> In need folders have to be seen (and accessed) only by appropriate
> domain groups. For example, there are domain groups g01, g02, g03,
> etc, users in these groups have to see only "their" folders: u01 -
> \\fsrv\n\01, u02 - \\fsrv\n\02, u03 - \\fsrv\n\03
> This is done by "Hide unreadable = yes" in smb.conf, by granting
> access (using "Security" tab in windows' folder rights) for concrete
> group to concrete directory and then chmod'ing this folder to 0770.
> But, if then I again modify ACLs through "Security" (for example -
> adding another group access to folder) samba sets 0777 to this folder
> and it becomes "visible" to all others. And I have again set 0770 on
> Samba server. This seems to work, but:
> - not good to windows admins, which only has to know about "Security"
> tab in folder rights;
> - mixing ACLs with unix rights makes a mess and seems not right way
> to solve task.
>
> What is the "right way" to do such task?
>
>
>
You could investigate using 'access based share enum = yes'
and setting the permissions from Windows, see here:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
You will also need to remove these lines:
valid users = @"Domain Users" @"Domain Admins" @all
admin users = admin @it
# inherit acls = yes
force create mode = 0777
directory mask = 0770
hide unreadable = yes
Rowland
More information about the samba
mailing list