Hi!

I need to create a share that will be readable by root only (by owner) and writeable for all. We are replacing a dead Windows NT 4.0 server and there was a permission type called "Add", and our users use this type of permission often. They create shares where other users can add files but cannot read or even list them. I saw a thread here called "How to make "Add permission" for folder in system withntacl support?" <http://archives.free.net.ph/message/20071031.173732.50cc2cef.en.html> but there was no solution published. I believe that there is a solution, I hope so.

So how do I create a share where all users will be able to paste their files but only accepted users will be able to list the files or read them?

For example:
user userA is the owner
user Guest is someone else
server path - \\server
share path - \\server\userAdoor

User Guest should be able to open \\server and simply drag'n'drop a file into the userAdoor share, or user Guest should be able to select some file somewhere in his filesystem, go to \\server, select userAdoor, press the right button and paste the file. Of course user Guest should not be able to see the \\server\userAdoor content.

Thanks in advance,
Ash.

On Fri, Apr 4, 2008 at 6:55 PM, Ash Gosh <gosha.asha@gmail.com> wrote:
> Hi!
>
> I need to create a share that will be readable by root only (by owner) and
> writeable for all. We are replacing a dead Windows NT 4.0 server and there was a
> permission type called "Add", and our users use this type of permission
> often. They create shares where other users can add files but cannot
> read or even list them. I saw a thread here called "How to make "Add
> permission" for folder in system withntacl support?" <http://archives.free.net.ph/message/20071031.173732.50cc2cef.en.html>
> but there was no solution published. I believe that there is a solution, I
> hope so.
>

Hello,

It's me again, sorry for bothering. Does this problem have a solution? I need to replace a dead Win NT 4 server quickly, so please let's start a discussion. Maybe I'll need to select a filesystem other than ext3 or even the server OS, to Solaris with ZFS for example?

Please help.

Thanks in advance,
Ash.

Ash Gosh wrote:
>> I need to create a share that will be readable by root only (by owner) and
>> writeable for all.

Real easy. We did it to create a "quarantine share" for Windows AV agents to move viruses to. The share is world-writable - but not readable by anyone.

You simply create a share and set the following smb.conf settings:

[sharename]
path = /dir
read only = No
create mask = 0333
directory mask = 0333
guest ok = Yes

Then if the actual directory is 1777, then anyone can write to it. Of course you can always fiddle with those perms to suit...

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

On Mon, Apr 7, 2008 at 12:29 PM, Jason Haar <Jason.Haar@trimble.co.nz> wrote:
> Real easy. We did it to create a "quarantine share" for Windows AV agents
> to move viruses to. The share is world-writable - but not readable by anyone.
>
> You simply create a share and set the following smb.conf settings:
>
> [sharename]
> path = /dir
> read only = No
> create mask = 0333
> directory mask = 0333
> guest ok = Yes
>
> Then if the actual directory is 1777, then anyone can write to it. Of
> course you can always fiddle with those perms to suit...
>

Hello Jason,

Thanks for the answer, but in this case anyone can look into the folder and see the file list. Sometimes even the filenames could be secret. So this does not help us.

Thanks,
Ash.

> Thanks for the answer, but in this case anyone can look into the folder and see the file
> list. Sometimes even the filenames could be secret. So this does not help us.

Set "hide unreadable = yes" on the share.

Alex

--
Alex Harrington - Network Manager, Longhill High School
t: 01273 304086 | e: alex@longhill.org.uk

It seems to be too complex for me. I'll share my config, please tell me what else I need to do:

parts from smb.conf:
===============================
nt acl support = yes
acl compatibility = win2k
map acl inherit = yes
.....
[michael]
path = /home/shared/michael
valid users = +users
read only = no
admin users = +wheel

[roman]
path = /home/shared/roman
valid users = +users
read only = no
admin users = +wheel
===============================

FS:
[root@fs shared]# ls -ld michael roman
drwxrwx---+ 3 michael wheel 4096 Apr 4 22:13 michael
drwxrwx---+ 4 roman sales 4096 Apr 4 22:12 roman

[root@fs shared]# getfacl michael
# file: michael
# owner: michael
# group: wheel
user::rwx
user:michael:rwx
group::---
group:wheel:rwx
mask::rwx
other::---
default:user::rwx
default:user:michael:rwx
default:group::---
default:group:wheel:rwx
default:mask::rwx
default:other::---

[root@fs shared]# getfacl roman
# file: roman
# owner: roman
# group: sales
user::rwx
user:roman:rwx
group::---
group:wheel:rwx
group:sales:rwx
mask::rwx
other::---
default:user::rwx
default:user:roman:rwx
default:group::---
default:group:wheel:rwx
default:group:sales:rwx
default:mask::rwx
default:other::---

What else do I have to do to allow every member of group 'users' to drag'n'drop or paste any file/folder into the michael share, but not allow them to read or even to list the share contents? On the Windows NT 4.0 server it was done by adding an "Add" permission for group 'users' to the shared folder.

Please help me, our users are about to kill me!!!

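An added example, not part of the original thread or of Samba: a small evaluator for the POSIX ACL access-check order, run over the access entries of the getfacl output posted above, to show which callers may add entries to the directory (w+x) and which may list it (r). The `group:users:-wx` entry and the user names `guest1` and `admin1` are assumptions made for illustration; Samba's own share-level settings are not modelled.

```python
# Added example: POSIX ACL access check applied to getfacl output.
MICHAEL_ACL = """\
# file: michael
# owner: michael
# group: wheel
user::rwx
user:michael:rwx
group::---
group:wheel:rwx
mask::rwx
other::---
default:user::rwx
default:other::---
"""  # access entries as posted above; default: entries abridged
# Hypothetical extra entry (an assumption, not from the thread): w+x without r.
DROPBOX_ACL = MICHAEL_ACL + "group:users:-wx\n"

def parse_getfacl(text):
    """Return (owner, owning_group, access entries); default: entries are skipped."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # Drop a trailing "#effective:..." comment before splitting.
            tag, name, perms = line.split("#")[0].strip().split(":")
            entries.append((tag, name, set(perms) - {"-"}))
    return owner, group, entries

def allowed(acl, user, groups, want):
    """POSIX order: owner, named user, any matching group, then other."""
    owner, owning_group, entries = acl
    want = set(want)
    mask = next((p for t, n, p in entries if t == "mask"), set("rwx"))
    if user == owner:
        return want <= next(p for t, n, p in entries if t == "user" and not n)
    for t, n, p in entries:
        if t == "user" and n == user:
            return want <= (p & mask)
    # One matching group entry must grant every requested bit by itself.
    matched = [p & mask for t, n, p in entries
               if t == "group" and (n or owning_group) in groups]
    if matched:
        return any(want <= p for p in matched)
    return want <= next(p for t, n, p in entries if t == "other")
```

Execute without read on a directory still lets a caller open an entry whose name is already known, so the files dropped into it need restrictive permissions of their own.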