Sahibzada Junaid Noor
2004-Jul-05 10:52 UTC
[Samba] on the fly access and privilege determination
Hi, I have a active directory domain of windows 2000. inside AD i have three user groups. Teachers, students and administration. every user has his home directory created on the fly. the umask is 0022. now what i want is that apart from users accessing there home directories there should be some other folders too which they can access. like teachers would like to access the assignments folder where students can paste there assignments. but students can only paste and cannot read in this folder. also i want a folder which both teachers and students can accees like the lecture notes folder which contains the lecture notes for the current academic session. what infact i would like to have is that the rights and permissions of a certain user to be determined on the fly based on his membership of a certain active directory user group to which he belongs. like only a user belonging to teacher group can access a assignments folder. but some one belonging to either teacher or students can access lecture notes. the same way no one except the administration can acceess the confidential folders containing the progress reports . i hope i have been clear can any one send a smb.conf which contains such settings. ==== Sahibzada Junaid Noor Ph # (+92) (051) 5950 940 Cell # (+92) (0333) 5223586 Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3, Rawalpindi Islamic Republic of Pakistan __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail
You could enable ACLs and set permissions with those, using the normal windows security dialog. There is a howto here: http://www.bluelightning.org/linux/samba_acl_howto/ Once ACLs are working, just set up permissions as you would on a windows file server. If you do not want to use ACLs you could use the options in smb.conf: [teachersonly] write list = (users or groups who can write to the folder) valid users = (users or groups who can access the folder) You will probably have more flexibility using ACLs Hope that helps Sahibzada Junaid Noor wrote:>Hi, > > I have a active directory domain of windows 2000. > >inside AD i have three user groups. Teachers, students >and administration. > > every user has his home directory created on the >fly. the umask is 0022. > >now what i want is that apart from users accessing >there home directories there should be some other >folders too which they can access. > >like teachers would like to access the assignments >folder where students can paste there assignments. but >students can only paste and cannot read in this >folder. > >also i want a folder which both teachers and students >can accees like the lecture notes folder which >contains >the lecture notes for the current academic session. > >what infact i would like to have is that the rights >and permissions of a certain user to be determined on >the fly based on his membership of a certain active >directory user group to which he belongs. > >like only a user belonging to teacher group can access >a assignments folder. > >but some one belonging to either teacher or students >can access lecture notes. > >the same way no one except the administration can >acceess the confidential folders containing the >progress reports . > >i hope i have been clear > >can any one send a smb.conf which contains such >settings. > > > >====> > Sahibzada Junaid Noor > Ph # (+92) (051) 5950 940 > Cell # (+92) (0333) 5223586 > Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3, > Rawalpindi > Islamic Republic of Pakistan > > > > > > > > > >__________________________________ >Do you Yahoo!? >New and Improved Yahoo! Mail - 100MB free storage! >http://promotions.yahoo.com/new_mail > >