Ash Gosh
2008-May-05 12:16 UTC
[Samba] Add permission? (was How to create a write-only share?)
Need your help! I'm very confised and tired, tried a lot of variants but still at the start, even lost all understanding how the permissions and masks works. Please write me a config for the following case: There is a directory: '/home/shared/door', owned by 'michael:office' shared via samba as '[door]' How can I configure the FS and samba to let 'michael' full control of directory content and let members of gorup 'office' to add files to this Samba share from Windows machine. But members of group 'office' and everyonne esle should not be able to read the files and even see the contents of the share (contents of directory). Thanks in advance, Ash Gosh.
Ash Gosh
2008-May-06 14:38 UTC
[Samba] Fwd: Add permission? (was How to create a write-only share?)
Is it possible or not? Now it is a very urgent problem for me, please help!!! G.A. ---------- Forwarded message ---------- From: Ash Gosh <gosha.asha@gmail.com> Date: Mon, May 5, 2008 at 3:15 PM Subject: Add permission? (was How to create a write-only share?) To: samba@lists.samba.org Need your help! I'm very confised and tired, tried a lot of variants but still at the start, even lost all understanding how the permissions and masks works. Please write me a config for the following case: There is a directory: '/home/shared/door', owned by 'michael:office' shared via samba as '[door]' How can I configure the FS and samba to let 'michael' full control of directory content and let members of gorup 'office' to add files to this Samba share from Windows machine. But members of group 'office' and everyonne esle should not be able to read the files and even see the contents of the share (contents of directory). Thanks in advance, Ash Gosh.
Alex Harrington
2008-May-24 00:10 UTC
[Samba] Fwd: Add permission? (was How to create awrite-onlyshare?)
Ash My understanding is that "admin users" should make that user effectively root, and therefore able to access files that aren't owned by them or with no permissions granted. If you directly access a file you know exists - say open in notepad \\server\append\test.txt as michael, I think it will still allow you access. One option would be to have a second share called appendadm which only Michael has permission to access which forces either permissions or drops the hide unreadable statement. eg:> [appendadm] > path = /home/append > valid users = michael > writeable = yes > write list = michael > admin users = michael > hide unreadable = no > create mode = 200 > directory mode = 770 > force group = officeIf you have security=share set then the admin users line will have no effect - so that may be why you aren't seeing the initial share working properly. Cheers Alex -- Alex Harrington - Network Manager Longhill High School t: 01273 304086 e: alex@longhill.org.uk -----Original Message----- From: Ash Gosh [mailto:gosha.asha@gmail.com] Sent: Fri 23/05/2008 21:31 To: Alex Harrington Subject: Re: [Samba] Fwd: Add permission? (was How to create awrite-onlyshare?) Hello! I'm sorry, I was out unfortunatley, was in hospital without internet :( This variant works but... But michael becomes unable to read newly added data because file has been created under <user>.office -w------- permissions. I'm tried to add setfacl -m default:user:michael:wrx /home/apeend but new files does not inherit this rule... what to do here? AG. On Thu, May 8, 2008 at 12:16 PM, Alex Harrington <alex@longhill.org.uk> wrote:>> In this case I still can't add a file from Windows machine into the > share append... >> Seems it can't be done with Samba and posix permissions? > > Try this: > > [root@fs home]# chown -R michael.office append > [root@fs home]# chmod -R 770 append > > smb.conf: > [append] > path = /home/append > valid users = +office > writeable = yes > write list = +office > admin users = michael > hide unreadable = yes > create mode = 200 > directory mode = 770 > force group = office > > I can't see any reason why that config won't do exactly what you want it > to. > > If it still doesn't work, you need to start narrowing the problem down - > so logon to the console of the server first as michael. Can you cd in to > /home/append? If so, can you touch a new file? Repeat the process for a > different user in the office group. What is the result? As root, what is > the contents of that folder now? If that all works, the POSIX > permissions are working fine so it makes it a Samba problem. Visa versa > then the POSIX permissions are the ones to look at. > > Alex > > -- > Alex Harrington - Network Manager, Longhill High School > > t: 01273 304086 | e: alex@longhill.org.uk >