[Samba] problems with permissions

Jerry Lowry jlowry at edt.com
Mon Nov 27 20:14:44 UTC 2017 

hi list,

environment:

Windows 2008 Domain

Centos 7 server running samba 4.4.4

Problem:

I am creating a number of samba shares on the Centos server to be used 
on the Domain. Right now I have two major directories setup as shares 
with minor directories being created.

How do I specify read/write permissions on the minor directories without 
having to create a share for each directory?  When I specify a domain 
group the centos server does not see the group.

The configuration now shows multiple shares but it does not preserve the 
read only access in the minor shares.

Here is the config:

[global]
         workgroup = Accounting
         security = ADS
         realm = Accounting.edt.local
         log file = /var/log/samba/%m.log
         log level = 1
        # Default ID mapping configuration for local BUILTIN accounts
        # and groups on a domain member. The default (*) domain:
        # - must not overlap with any domain ID mapping configuration!
        # - must use a read-write-enabled back end, such as tdb.
        # - Adding just this is not enough
        # - You must set a DOMAIN backend configuration, see below
        idmap config * : backend = tdb
        idmap config * : range = 1000000-2000000
#
         username map = /usr/local/etc/samba/user.map

         winbind use default domain = yes

         passdb backend = tdbsam

         printing = cups
         printcap name = cups
         load printers = yes
         cups options = raw

[custinfo]
         path = /cui/admin/Customer Info
         comment = Mfg and Purchasing
         valid users = tiana bob carol jessica janet lynne
         read list = lynne janet jessica
         write list = tiana bob carol
         writable = yes
         browsable = yes

[custorders]

         path = /cui/admin/Customer Orders
         comment = Mfg and Purchasing
         valid users = tiana bob carol jessica janet lynne
         read list = lynne janet jessica
         write list = tiana bob carol
         writable = yes
         browsable = yes

[custdandb]

         path = /cui/admin/Customer credit reports (D&B)
         comment = Mfg and Purchasing
         valid users = tiana bob carol jessica janet lynne
         write list = lynne janet jessica
         read list = tiana bob carol
         writable = yes
         browsable = yes

[acctcui]
         path = /cui/acct
         comment = Accounting CUI Directories
         valid users = jlowry, lynne, janet, jessica
         browsable = yes
         read only = No

[admincui]
         path = /cui/admin
         comment = Accounting CUI Directories
         valid users = jlowry lynne janet jessica bob tiana cynthia jill 
thuylinh carol wendy tom
         browsable = yes
         read only = No


-- 

---------------------------------------------------------------------------
Jerold Lowry
Principal Network/Systems Engineer
Engineering Design Team (EDT), Inc. a HEICO company
3423 NW John Olsen Pl
Hillsboro, Oregon 97124 (U.S.A.)
Phone: 503-690-1234 / 800-435-4320
Fax: 503-690-1243
Web: _www.edt.com <http://www.edt.com/>_

More information about the samba mailing list