Jason M. Kusar
2007-Mar-12 00:37 UTC
[Samba] write list doesn't override read only paramater
Hi all, I'm trying to set up a share that is readable by everyone, but writable by only a few. From my understanding, this should work: [audio] path = /tank/media/Audio comment = Audio Files write list = sound, @"Domain Admins", @"Associate Admins" force user = data force group = other read only = Yes The user sound (who is in the Windows Domain that this server is a member of) should be able to write to the share. The local user data has write permissions on the directory. The user sound is able to connect and read, but not write. If I change read only to No, the sound user can write to the share, but so can everyone else. Here is my complete config file for reference: [global] workgroup = EX realm = EXAMPLE.COM server string = media.example.com security = ADS password server = 192.168.0.32 log level = 3 log file = /var/log/samba/%m max log size = 50 printcap name = cups preferred master = No local master = No ldap ssl = no idmap uid = 10000-20000 idmap gid = 10000-20000 winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes printing = cups print command = lpr -P'%p' %s; rm %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j lppause command = lp -i '%p-%j' -H hold lpresume command = lp -i '%p-%j' -H resume queuepause command = disable '%p' queueresume command = enable '%p' [audio] path = /tank/media/Audio comment = Audio Files write list = sound, @"Domain Admins", @"Associate Admins" force user = data force group = other read only = Yes Thanks! --Jason
Gerald (Jerry) Carter
2007-Mar-12 15:42 UTC
[Samba] write list doesn't override read only paramater
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason M. Kusar wrote:> Hi all, > > I'm trying to set up a share that is readable by > everyone, but writable by only a few. From > my understanding, this should work: > > [audio] > path = /tank/media/Audio > comment = Audio Files > write list = sound, @"Domain Admins", @"Associate Admins" > force user = data > force group = other > read only = YesFirst thing is to fully qualify the domain names. This has been a software requirement since 3.0.8 and a hard requirement since 3.0.23. cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9XS2IR7qMdg1EfYRAr0uAJwPSsyw0GqKe/KMRU8lJnJ/Ri7mqACg1EEi CSL+gVsOqDZ9HYSM6PVMpdA=dW8o -----END PGP SIGNATURE-----