Hi,
I have currently a department called HRM which have their own share
/data/hrm
Within that share is a folder called recruitment.
We recently hired an external recruiter to do some work for us. The folder
is /data/hrm/recruitment
How can I enforce that this person can only read and write in this
directory? Look below, is this the way to go? How would you handle this?
My config:
#======================= Global Settings
====================================
[global]
dns proxy = no
log file = /var/log/samba/log.%m
netbios name = srv01
load printers = yes
server string = srv01.mydomain.com
workgroup = MYDOMAIN
os level = 20
username map = /usr/local/etc/samba/smbusers
encrypt passwords = yes
hosts allow = 192.168.20. 127.
security = user
max log size = 50
#============================ Share Definitions
=============================
# the "staff" group
[hrm]
writeable = yes
path = /data/hrm
write list = @hrm
force group = hrm
valid users = @hrm
create mode = 764
directory mode = 774
[recruitment]
comment = Recruitment Share
valid users = @recruitment
writeable = yes
path = /data/hrm/recruitment
write list = @recruitment
force group = recruitment
create mode = 764
directory mode = 774
Paul Rijke wrote:> Hi, > > > > I have currently a department called HRM which have their own share > /data/hrm > > > > Within that share is a folder called recruitment. > > > > We recently hired an external recruiter to do some work for us. The folder > is /data/hrm/recruitment > > > > How can I enforce that this person can only read and write in this > directory? Look below, is this the way to go? How would you handle this? > > > > My config: > > #======================= Global Settings > ====================================> > [global] > > dns proxy = no > > log file = /var/log/samba/log.%m > > netbios name = srv01 > > load printers = yes > > server string = srv01.mydomain.com > > > > workgroup = MYDOMAIN > > os level = 20 > > username map = /usr/local/etc/samba/smbusers > > > > encrypt passwords = yes > > hosts allow = 192.168.20. 127. > > security = user > > max log size = 50 > > > > #============================ Share Definitions > =============================> > > > # the "staff" group > > [hrm] > > writeable = yes > > path = /data/hrm > > write list = @hrm > > force group = hrm > > valid users = @hrm > > create mode = 764 > > directory mode = 774 > > > > [recruitment] > > comment = Recruitment Share > > valid users = @recruitment > > writeable = yes > > path = /data/hrm/recruitment > > write list = @recruitment > > force group = recruitment > > create mode = 764 > > directory mode = 774 > >Personally, I'd do this at the file system level. Put them in a group such that they don't have any permissions other than traverse (751 permissions or so) parent directories, and make them the owner of the recruitment directory with a 2770 permission on the directory. If you need to add more recruiters, just add them to the recruitment group. So, it'd look like this: user: recruiter group: recruitment /data/hrm (perms - root.users rwxrwx--x) /data/hrm/recruitment (perms - recruiter.recruitment rwxrwt---) Then just give them a link to /data/hrm/recruitment on their desktop or something (or map a drive on logon with the logon script). This is, of course, just one way to do it. I usually like to handle permissions at the lowest level.
"Paul Rijke" <paul@rijke.org> wrote in message news:000c01c873f1$c9fc3200$5df49600$@org...> Hi, > > > > I have currently a department called HRM which have their own share > /data/hrm > > > > Within that share is a folder called recruitment. > > > > We recently hired an external recruiter to do some work for us. The folder > is /data/hrm/recruitment > > > > How can I enforce that this person can only read and write in this > directory? Look below, is this the way to go? How would you handle this? >A Samba account is linked to a Linux account. I would set the security on the Linux account. I would do this using regular Linux file and directory permissions.