In a samba share with domain authentication on an ext2 filesystem, is there any sensible way to allow creation of folders, files and so on inside it other than making the share directory world-writeable on the Unix system? If not, are there other options for achieving this? I know I've heard about a Linux filesystem which has NT-style ACLs, but I've also heard that it's experimental, which doesn't sound ideal for something that's going to be pretty heavily used. Thanks, Vicky
Vicky Clarke wrote:> In a samba share with domain authentication on an ext2 filesystem, is there > any sensible way to allow creation of folders, files and so on inside it > other than making the share directory world-writeable on the Unix system?Look into running winbind on the Samba server. It will allow you to use the user and group information from the Windows PDC, and they will appear and function as users and groups on the Samba host system (Unix). Using winbind, files and directories on the Unix system can be owned by domain users whose accounts are maintained on the Windows PDC. There is a help file (docs/htmldocs/winbind.html) in the Samba source tree that covers this. I will warn you that it is somewhat complicated to configure. You have to re-configure your name service switch (nsswitch), and also modify your PAM (pluggable authentication modules) system ... and you also may need to recompile from source to get the winbindd daemon, and add it to your system startup scripts (SysV Init).> I know I've heard about > a Linux filesystem which has NT-style ACLs, but I've also heard that it's > experimental, which doesn't sound ideal for something that's going to be > pretty heavily used.Windows NT ACLs can be supported on Linux by installing the ACL patch for the Linux kernel. Again, this is a relatively complicated procedure. I wouldn't call it "experimental", it's just a function that isn't included in the mainstream Linux source code. Jay Ts jay@jayts.cx
At 12:45 15/07/2002 -0700, Jay Ts wrote:>There is a help file (docs/htmldocs/winbind.html) in the Samba source >tree that covers this. I will warn you that it is somewhat complicated >to configure. You have to re-configure your name service switch (nsswitch), >and also modify your PAM (pluggable authentication modules) system ... >and you also may need to recompile from source to get the winbindd >daemon, and add it to your system startup scripts (SysV Init).OK; if I don't use PAM already would I have to start?>Windows NT ACLs can be supported on Linux by installing the ACL patch >for the Linux kernel. Again, this is a relatively complicated procedure. >I wouldn't call it "experimental", it's just a function that isn't >included in the mainstream Linux source code.I believe what I was talking about is something different - a filesystem called XFS. http://oss.sgi.com/projects/xfs/features.html claims it supports POSIX ACLs; I don't know how those relate to NT-style ACLS, though. Vicky
Reasonably Related Threads
- 'Not listening for calling name'
- AW: add user script going Horribly Wrong (tm)
- NT domains authentication problem
- Fwd: Re: Fwd: cgroup OOM killer loop causes system to lockup (possible fix included) - now pinpointed to openssh-server
- Dyn.load of sharing object with GSL library