I'm looking to set up a samba server which will host directories for multiple projects. Each user in the system will have a list of projects which he/she can access. The trick is that I want each users to be able to see the directories for only those projects he/she has access to. Not being able to see into the directories of unauthorized projects isn't enough, they shouldn't even see the top level directory for the project. My closest attempt at this was to create a linux user group for each project and have each project group list the members who could access it. Then for each user, I create a symlink in that users home directory for each project he has access to. So far we're good, each users only sees the right projects. Where I ran into trouble was when a user tried to create a new file - that file was owned by that user as expected, but the group was the primary group of that user (which makes sense), but I need it to be the project group so the other project members can read/write the file. I could create a samba share for each project and force the group used for file creates, but that would violate my requirement that each user only see the projects (in this case which would be shares) that they are entitled to see. This system is meant to replace an old netware server which did exactly what was desired - the user could only see what they actually had access to. Anyone have any ideas? Steve Prior
If you could implement acl support on your system and compile samba with acl support, you probably could do it based on users. There you can set the permissions on the directories and files for individual users. This probably will require either ext3 or xfs file system if I recall correctly. -----Original Message----- From: Steve Prior [mailto:sprior@geekster.com] Sent: Thursday, February 07, 2002 9:23 PM To: samba@lists.samba.org Subject: [Samba] Samba server for multiple users and projects I'm looking to set up a samba server which will host directories for multiple projects. Each user in the system will have a list of projects which he/she can access. The trick is that I want each users to be able to see the directories for only those projects he/she has access to. Not being able to see into the directories of unauthorized projects isn't enough, they shouldn't even see the top level directory for the project. My closest attempt at this was to create a linux user group for each project and have each project group list the members who could access it. Then for each user, I create a symlink in that users home directory for each project he has access to. So far we're good, each users only sees the right projects. Where I ran into trouble was when a user tried to create a new file - that file was owned by that user as expected, but the group was the primary group of that user (which makes sense), but I need it to be the project group so the other project members can read/write the file. I could create a samba share for each project and force the group used for file creates, but that would violate my requirement that each user only see the projects (in this case which would be shares) that they are entitled to see. This system is meant to replace an old netware server which did exactly what was desired - the user could only see what they actually had access to. Anyone have any ideas? Steve Prior -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
William R. Knox
2002-Feb-08 08:19 UTC
[Samba] Samba server for multiple users and projects
Do a chmod g+s on all the directories that house project shares. This forces any files created under the directory to be owned by the same group as the directory. You may also want to look at either the "force directory mode" or the "inherit permissions" parameters in your smb.conf. Let me know if this does the trick for you. Good luck! Bill Knox Senior Operating Systems Programmer/Analyst The MITRE Corporation On Fri, 8 Feb 2002, Steve Prior wrote:> Date: Fri, 08 Feb 2002 00:22:51 -0500 > From: Steve Prior <sprior@geekster.com> > To: samba@lists.samba.org > Subject: [Samba] Samba server for multiple users and projects > > I'm looking to set up a samba server which will host directories > for multiple projects. Each user in the system will have a list > of projects which he/she can access. The trick is that I want > each users to be able to see the directories for only those > projects he/she has access to. Not being able to see into the > directories of unauthorized projects isn't enough, they shouldn't > even see the top level directory for the project. > > My closest attempt at this was to create a linux user group for each > project and have each project group list the members who could > access it. Then for each user, I create a symlink in that users > home directory for each project he has access to. So far we're good, > each users only sees the right projects. Where I ran into trouble > was when a user tried to create a new file - that file was owned > by that user as expected, but the group was the primary group of that > user (which makes sense), but I need it to be the project group so > the other project members can read/write the file. > > I could create a samba share for each project and force the group > used for file creates, but that would violate my requirement that > each user only see the projects (in this case which would be shares) > that they are entitled to see. > > This system is meant to replace an old netware server which did exactly > what was desired - the user could only see what they actually had access > to. > > Anyone have any ideas? > > Steve Prior > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >