rpenny at samba.org
Fri Dec 16 13:18:51 UTC 2022
On 16/12/2022 13:01, Piviul via samba wrote:
> I need to share a folder in a way that some groups members have write
> permissions to the share and some other groups members can only read
> files on the share, the others members can't access at all.
> I don't care about acl, all files/directory in the share should have the
> same access. Do you think that disabling acls in a such way
> vfs objects = acl_xattr
> acl_xattr:ignore system acls = yes
> valid users = <read groups list>,<write group list>
> read list = <read groups list>
> write list = <write group list>
> force group = staff
> create mask = 0664
> force create mode = 0664
> directory mask = 0775
> force directory mode = 2775
> would be a good idea
You only need the 'vfs objects' line in '[global]' and the path and
'read only = no' in the share, you then set the permissions from Windows.
if you do add 'acl_xattr:ignore system acls = yes' , it does what it
says, Samba will ignore the system acls.
I suggest you read 'man vfs_acl_xattr' and this wiki page:
If you want to set up Samba as you suggest, only do it on a Unix domain
member and do not set 'vfs objects = acl_xattr'.
More information about the samba