John Spence, CCSI, CCNA, CISSP
2005-Mar-03 23:02 UTC
[Samba] I would like Samba share writable by some, readable only by other named subscribers ...
If I do this, reader1 is denied even directory listing - perhaps because
they are not a valid user?

------- smb.conf -------
[native6-stuff]
path = /native6-stuff
valid users = write1 write2 write3
guest ok = no
read-list = reader1
write-list write1 write2 write3
force group = writers
public = no
writable = yes
printable = no
create mask = 0664
directory mask = 0664
------------ end -----------

----------- /etc/group ------------
writers:x:598:write1,write2,write3
-------- end -------

If I do this, reader1 can see the files (good), cannot create files (good),
but can modify (write) existing files (bad!)

------- smb.conf -------
[native6-stuff]
path = /native6-stuff
valid users = write1 write2 write3 reader1
guest ok = no
read-list = reader1
write-list write1 write2 write3
force group = writers
public = no
writable = yes
printable = no
create mask = 0664
directory mask = 0664
------------ end -----------

The directory permissions are set so that the three writers are all in the
"writers" group, so the share ends up with files owned by the various three
writers, who can all modify each other's files (group privs are read/write),
and the file and directory permissions grant "world" readership.

I want it to allow the three named writers to write, and other Samba users
to list directories and read files only. I want other people on the
network - people with no valid Samba account at all - to have no access at
all.

I obviously have something wrong. Any hint would make my day. Thanks

----------------------------------------------------
John Spence, CCSI, CCNA, CISSP
Native6, Inc.
IPv6 Training and Consulting
jspenceNOSPAM@native6.com
www.native6.com
----------------------------------------------------

John H Terpstra
2005-May-16 05:16 UTC
[Samba] I would like Samba share writable by some, readable only by other named subscribers ...
On Thursday 03 March 2005 15:44, John Spence, CCSI, CCNA, CISSP wrote:
> If I do this, reader1 is denied even directory listing - perhaps because
> they are not a valid user?

You really are doing this the hard way. Have you considered making the files
at the file system level fully read/write for all users and then just setting
share level ACLs for access control? This is covered under "Samba Share ACLs".
See chapter 14 "File, Directory and Share Access Control" in the
Samba-HOWTO-Collection.pdf available from:

http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf

- John T.

>
> ------- smb.conf -------
> [native6-stuff]
> path = /native6-stuff
> valid users = write1 write2 write3
> guest ok = no
> read-list = reader1
> write-list write1 write2 write3
> force group = writers
> public = no
> writable = yes
> printable = no
> create mask = 0664
> directory mask = 0664
> ------------ end -----------
>
> ----------- /etc/group ------------
> writers:x:598:write1,write2,write3
> -------- end -------
>
>
> If I do this, reader1 can see the files (good), cannot create files (good),
> but can modify (write) existing files (bad!)
>
> ------- smb.conf -------
>
> [native6-stuff]
> path = /native6-stuff
> valid users = write1 write2 write3 reader1
> guest ok = no
> read-list = reader1
> write-list write1 write2 write3
> force group = writers
> public = no
> writable = yes
> printable = no
> create mask = 0664
> directory mask = 0664
>
> ------------ end -----------
>
> The directory permissions are set so that the three writers are all in the
> "writers" group, so the share ends up with files owned by the various three
> writers, who can all modify each other's files (group privs are read/write),
> and the file and directory permissions grant "world" readership.
>
> I want it to allow the three named writers to write, and other Samba users
> to list directories and read files only. I want other people on the
> network - people with no valid Samba account at all - to have no access at
> all.
>
> I obviously have something wrong. Any hint would make my day. Thanks
>
> ----------------------------------------------------
> John Spence, CCSI, CCNA, CISSP
> Native6, Inc.
> IPv6 Training and Consulting
> jspenceNOSPAM@native6.com
> www.native6.com
> ----------------------------------------------------

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
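
Added example, not part of either message: a simplified Python model of how smbd reads the access lines of the second share posted above. It assumes, as the smb.conf parser does, that a line without "=" or with an unrecognised name such as read-list is skipped, which leaves writable = yes in force for every valid user; KNOWN, parse_share, access, POSTED and FIXED are names made up for this sketch.

```python
# Added example: a simplified model of how smbd reads one share's access lines.
# Assumptions: only the parameters in KNOWN are modelled, @group entries are not
# expanded, and filesystem permissions (which still apply on top) are ignored.
KNOWN = {"path", "validusers", "readlist", "writelist", "readonly", "writable",
         "guestok", "public", "forcegroup", "printable", "createmask",
         "directorymask"}

def parse_share(text):
    """Return (params, skipped): settings smbd accepts and lines it ignores."""
    params, skipped = {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line[0] in "#;[":
            continue
        name, sep, value = line.partition("=")
        key = name.replace(" ", "").lower()   # case and spaces do not matter
        if sep and key in KNOWN:
            params[key] = value.strip()
        else:
            skipped.append(line)              # no "=" or unknown name (hyphens count)
    return params, skipped

def access(params, user):
    """Share-level access for an authenticated user: none, read or write."""
    names = lambda key: params.get(key, "").replace(",", " ").split()
    if names("validusers") and user not in names("validusers"):
        return "none"
    if user in names("writelist"):
        return "write"                        # write list wins over read list
    if user in names("readlist"):
        return "read"
    if "readonly" in params:
        read_only = params["readonly"].lower() == "yes"
    else:                                     # writable is the inverse of read only
        read_only = params.get("writable", "no").lower() != "yes"
    return "read" if read_only else "write"

# Access lines of the second share in the post, as posted.
POSTED = """[native6-stuff]
valid users = write1 write2 write3 reader1
read-list = reader1
write-list write1 write2 write3
writable = yes"""

# Constructed variant using the documented spellings "read list" / "write list".
FIXED = POSTED.replace("read-list", "read list").replace(
    "write-list write1", "write list = write1")

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("fixed", FIXED)):
        params, skipped = parse_share(conf)
        print(label, "skipped:", skipped, "reader1:", access(params, "reader1"))
```

Running testparm against the real smb.conf reports the same skipped lines as unknown or badly formed parameters.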