Hello, According to "https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Adding_a_Share" tutorial, I added a directory and set a permission for it as below: # mkdir -p /home/share/ # chown root:"login2" share/ # chmod 0770 share/ # chcon -t samba_share_t /home/share/ Then, added below lines into "/usr/local/samba/etc/smb.conf" file: [Share] path = /home/share writable = yes browsable = yes acl_xattr:ignore system acl = yes My users and groups are: # wbinfo -u MYDOMAIN\administrator MYDOMAIN\guest MYDOMAIN\krbtgt MYDOMAIN\user1 MYDOMAIN\user2 MYDOMAIN\user3 MYDOMAIN\user4 MYDOMAIN\user5 # # wbinfo -g MYDOMAIN\cert publishers MYDOMAIN\ras and ias servers MYDOMAIN\allowed rodc password replication group MYDOMAIN\denied rodc password replication group MYDOMAIN\dnsadmins MYDOMAIN\enterprise read-only domain controllers MYDOMAIN\domain admins MYDOMAIN\domain users MYDOMAIN\domain guests MYDOMAIN\domain computers MYDOMAIN\domain controllers MYDOMAIN\schema admins MYDOMAIN\enterprise admins MYDOMAIN\group policy creator owners MYDOMAIN\read-only domain controllers MYDOMAIN\dnsupdateproxy MYDOMAIN\login2 The members of "login2" groups can read and write "share" directory, but other can't. If I want other groups or users have read permission, but not write permission, then what should I do? Thank you.
On 14/05/2021 13:27, Jason Long via samba wrote:> Hello, > According to "https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Adding_a_Share" tutorial, I added a directory and set a permission for it as below: > > # mkdir -p /home/share/ > # chown root:"login2" share/ > # chmod 0770 share/ > # chcon -t samba_share_t /home/share/ > > Then, added below lines into "/usr/local/samba/etc/smb.conf" file: > > [Share] > path = /home/share > writable = yes > browsable = yes > acl_xattr:ignore system acl = yesCan I ask, if you are following the wikipage, why did you use 'writable = yes' instead of the 'read only = no' as shown on the page ? Not that it makes any difference, they both mean the same ?> The members of "login2" groups can read and write "share" directory, but other can't. If I want other groups or users have read permission, but not write permission, then what should I do?Start a Windows client, navigate to the share and set the required permissions from there. Rowland
L.P.H. van Belle
2021-May-17 08:22 UTC
[Samba] Some questions about sharing and permission.
Hai, In general, i would say. Dont use > > # chmod 0770 share/ on a share there more people work in. Your files get "owned" by user and you want it by group .. I would use here https://chmodcommand.com/chmod-2770/ Or https://chmodcommand.com/chmod-3770/ For the base setting, check what fits you best. Test this, make 2 folders Give one 2770 and one 3770 Now goto windows, lookup these folder rights from within windows, see the difference. ;-) And yes, acl_xattr:ignore system acl = yes as Rowland suggested should also work, this depends bit on how you use you system.. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland penny via samba > Verzonden: vrijdag 14 mei 2021 14:46 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Some questions about sharing and permission. > > On 14/05/2021 13:27, Jason Long via samba wrote: > > Hello, > > According to > "https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Win > dows_ACLs#Adding_a_Share" tutorial, I added a directory and > set a permission for it as below: > > > > # mkdir -p /home/share/ > > # chown root:"login2" share/ > > # chmod 0770 share/ > > # chcon -t samba_share_t /home/share/ > > > > Then, added below lines into "/usr/local/samba/etc/smb.conf" file: > > > > [Share] > > path = /home/share > > writable = yes > > browsable = yes > > acl_xattr:ignore system acl = yes > > > Can I ask, if you are following the wikipage, why did you use > 'writable > = yes' instead of the 'read only = no' as shown on the page ? > > Not that it makes any difference, they both mean the same ???? > > > The members of "login2" groups can read and write "share" > directory, but other can't. If I want other groups or users > have read permission, but not write permission, then what should I do? > > > Start a Windows client, navigate to the share and set the required > permissions from there. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >