Greetings, There is a requirement of Samba server with the following specification: There are two groups: Designers, Draftsmen The share folder hierarchy is Project-->Final Now the Designers groups should have rw rights for Projects and subfolders The draghtsmen should be able to upload only files (not folders) to Final subfolder. They are not allowed to modify/delete anything anywhere. They will not have any permission in project folder any ideas? Thanks and Regards Rajagopal
Rajagopal Swaminathan wrote:> Greetings, > > There is a requirement of Samba server with the following specification: > > There are two groups: Designers, Draftsmen > > The share folder hierarchy is Project-->Final > > Now the Designers groups should have rw rights for Projects and subfolders > > The draghtsmen should be able to upload only files (not folders) to > Final subfolder. They are not allowed to modify/delete anything > anywhere. They will not have any permission in project folder > > any ideas?The permissions you ask for are likely not possible within CentOS (at least not exactly the way you specify them). You can add ACL permissions to the ext3 file system and use that with samba ... but with these controls, you have read (r), write(w), and execute (x) permissions. There are no ways to allow creating files and not folders ... also, if you can create files, you can delete them. The tool setfacl and getfacl can be used to set permissions. This is a good article to start with: http://aisalen.wordpress.com/2007/08/10/acls-on-samba/ Here are a couple more: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-acls.html You will have to also decide HOW you want to integrate this machine into other infrastructure. If you already have some kind of Directory Service (the newer Widows Active Directory Services, Windows NT type Directory control, LDAP on Linux, Red Hat Directory Server, etc.). You will likely want to make same talk to that service, whatever it is. This is a 2 step process ... set up and get working ACLs, then set up and get working samba (this part will depend on what you are integrating with). -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20090826/4fc8df95/attachment-0002.sig>
> Now the Designers groups should have rw rights for Projects and subfolders > > The draghtsmen should be able to upload only files (not folders) to > Final subfolder. They are not allowed to modify/delete anything > anywhere. They will not have any permission in project folder > > any ideas? >Further to Johnny's post, you can get what you want with ZFS. ZFS supports nfs4 acls which are quite close to NTFS acls. OpenSolaris is probably your next port of call if you do not want another Windows server.
Rajagopal Swaminathan wrote:> Greetings, > > There is a requirement of Samba server with the following specification: > > There are two groups: Designers, Draftsmen > > The share folder hierarchy is Project-->Final > > Now the Designers groups should have rw rights for Projects and subfolders > > The draghtsmen should be able to upload only files (not folders) to > Final subfolder. They are not allowed to modify/delete anything > anywhere. They will not have any permission in project folder > > any ideas?For anything resembling unix filesystem semantics, being able to create and delete files depends on the permissions of the containing directory, although you can constrain deletions to files that you own (the way /tmp works, for example). If can't require a designer to do the move/copy from project to final you might want to look at a revision control system like subversion or a workflow (and more) system like Alfresco where you have greater control over the operations. Subversion saves every revision so even if you delete or modify something you can recall earlier versions. Alfreso can present web/ftp/smb/nfs shares but with some programmed logic controlling who can see/do what. -- Les Mikesell lesmikesell at gmail.com
Rajagopal Swaminathan wrote:> Greetings, > > There is a requirement of Samba server with the following specification: > > There are two groups: Designers, Draftsmen > > The share folder hierarchy is Project-->Final > > Now the Designers groups should have rw rights for Projects and subfolders > > The draghtsmen should be able to upload only files (not folders) to > Final subfolder. They are not allowed to modify/delete anything > anywhere. They will not have any permission in project folder > > any ideas? >You should be able to do that with a inotify script running in the background. Install inotify-tools from rpmforge, manpage has some examples to get you started. Probably need two dirs to work with: files are dumped into "upload", processed by inotify, moved to "final". -- tkb