I apologize if this is an easy question. I am a samba newbie and the answer was not really clear to me from reading chpt 12 of the documentation. We recently moved from a Windows 2000 file server to a Samba(3.0.4) file server running on Solaris. We have about 20 top-level directories with lots of subdirectories. Right now, we have the security setup so that people can only get to the top-level directories that they should have access to. This is ok for now, but at some point we would like to get back to the way it was under NT. We have not figured out a way to control the permissions underneath these top-level directories. For example: The user is mapped to a single share that contains all of the folders (can't be more than one share since users need to access the folders from windows using the same drive letter). That share contains: Admin Helpdesk Finance HR etc. The particular user only has access to the HR directory which contains: Paychecks Personnel List etc. Now, this user should only have read access to List, no access to Personnel, and write access to Paychecks. In our current setup, he has write access to all these folders because they are only controlled by the top-level, HR, which has the Unix permissions: rwxrwx--- root hr (the user is a member of hr) Is there a way that we can have more control over the directories and files? Can someone give me some example configurations or point me to a past post or something? Thanks
Michael Flatley wrote: Yes ACL's>I apologize if this is an easy question. I am a samba newbie and the >answer was not really clear to me from reading chpt 12 of the >documentation. > >We recently moved from a Windows 2000 file server to a Samba(3.0.4) >file server running on Solaris. We have about 20 top-level >directories with lots of subdirectories. Right now, we have the >security setup so that people can only get to the top-level >directories that they should have access to. This is ok for now, but >at some point we would like to get back to the way it was under NT. >We have not figured out a way to control the permissions underneath >these top-level directories. > >For example: >The user is mapped to a single share that contains all of the folders >(can't be more than one share since users need to access the folders >from windows using the same drive letter). >That share contains: >Admin >Helpdesk >Finance >HR >etc. > >The particular user only has access to the HR directory which contains: >Paychecks >Personnel >List >etc. > >Now, this user should only have read access to List, no access to >Personnel, and write access to Paychecks. In our current setup, he >has write access to all these folders because they are only controlled >by the top-level, HR, which has the Unix permissions: > >rwxrwx--- root hr >(the user is a member of hr) > >Is there a way that we can have more control over the directories and >files? Can someone give me some example configurations or point me to >a past post or something? > >Thanks > >
Hi, I think if you choose to compile samba with the acl flag then you will have the complex access control desired. When you do a ./configure --help ... the options will be there but I think the option for acl support is --with-acl-support or something like that. Both my samba book and a unix terminal are not available to me now. Bri-
You have just, but the kernel and FS used for store data must using ACL... It's just patch kernel (if kernel 2.4.x) for ACL support acl.bestbits.at and use a FS which have this possibility : - ext3 - ReiserFS - JFS - XFS St?phane ----------------------------------- St?phane PURNELLE stephane.purnelle@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 Hi, I think if you choose to compile samba with the acl flag then you will have the complex access control desired. When you do a ./configure --help ... the options will be there but I think the option for acl support is --with-acl-support or something like that. Both my samba book and a unix terminal are not available to me now. Bri- -- To unsubscribe from this list go to the following URL and read the instructions: lists.samba.org/mailman/listinfo/samba