samba - Mar 2005 - I would like to create a Samba share supporting named writers, named readers, and no guests ...

I have not hit on the correct combination of parameters.  Closest I come
still allows the readers to modify - but not create - files.  Not what I
want.  If someone can give me a hint, I would really appreciate it.  Thank
you.

If I do this, reader1 can see the files (good), cannot create files (good),
but can modify (write) existing files (bad!)

------- smb.conf -------

[native6-stuff]
   path = /native6-stuff
   valid users = write1 write2 write3 reader1
   guest ok = no
   read-list = reader1
   write-list write1 write2 write3
   force group = writers
   public = no
   writable = yes
   printable = no
   create mask = 0664
   directory mask = 0664

----------- /etc/group ------------
writers:x:598:write1,write2,write3
-------- end -------

------------ end -----------

The directory permissions are set so that the three writers are all in the
"writers" group, so the share ends up containing files owned by the
various
three writers, who can all modify each others files (group privs are
read/write), and the file and directory permissions grant "world"
readership.

I want it to allow the three named writers to write, and other Samba users
to list directories and read files only.  I want other people on the network
- people with no valid Samba account at all - to have no access at all.

----------------------------------------------------
John Spence
Native6, Inc.
----------------------------------------------------

For completeness, can you post a directory listing of the file(s) that
"reader1" can modify?

Your "write-list" directive might have a syntax error. (missing
'='?)

-mtw

On Tue, Mar 08, 2005 at 09:31:53AM -0800, John Spence, CCSI, CCNA, CISSP
(jspence@native6.com) wrote:
>  
> I have not hit on the correct combination of parameters.  Closest I come
> still allows the readers to modify - but not create - files.  Not what I
> want.  If someone can give me a hint, I would really appreciate it.  Thank
> you.
> 
> If I do this, reader1 can see the files (good), cannot create files (good),
> but can modify (write) existing files (bad!)
> 
> ------- smb.conf -------
> 
> [native6-stuff]
>    path = /native6-stuff
>    valid users = write1 write2 write3 reader1
>    guest ok = no
>    read-list = reader1
>    write-list write1 write2 write3
>    force group = writers
>    public = no
>    writable = yes
>    printable = no
>    create mask = 0664
>    directory mask = 0664
> 
> ----------- /etc/group ------------
> writers:x:598:write1,write2,write3
> -------- end -------
> 
> ------------ end -----------
> 
> The directory permissions are set so that the three writers are all in the
> "writers" group, so the share ends up containing files owned by
the various
> three writers, who can all modify each others files (group privs are
> read/write), and the file and directory permissions grant "world"
> readership.
> 
> I want it to allow the three named writers to write, and other Samba users
> to list directories and read files only.  I want other people on the
network
> - people with no valid Samba account at all - to have no access at all.
> 
> ----------------------------------------------------
> John Spence
> Native6, Inc.
> ----------------------------------------------------
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
Matthew White
District Systems Administrator
Tigard-Tualatin School District

I absolutely have a syntax error - "read-list" should be "read
list".  I
found my error last night by using the "testparm" program.  Rats.

Thanks for replying Matthew.

----------------------------------------------------
John Spence
----------------------------------------------------