Hi all,
I am using CentOS 5.2 with Samba 3.2.1 as a PDC with an LDAP backend. Is it
possible to achieve Windows ACLs in Samba? My requirement is:
1. In a particular share, specified users should be able to modify the created
files, such as Microsoft Word or Excel files, but should not be able to delete
or create any new files in the share (which is possible in a Windows NT share).
2. I am able to modify Notepad files in the share where I have not given
delete permission to users. But when I modify a Microsoft Word file, users are
not able to edit it. I found the reason behind it: Microsoft Word creates a temp
file in the current working directory. Because users are not given permission to
create files, the temp file doesn't get created when editing a Microsoft Word
file, and they are not able to edit the MS Word file. Notepad doesn't create any
temp file, so I am able to edit the Notepad file.
I have mounted the share with ACL options too.
Here is my smb.conf file:
[global]
        dos charset = 850
        unix charset = ISO8859-1
        workgroup = TETRADOM
        obey pam restrictions = Yes
        password server = 192.168.1.151
        passdb backend = ldapsam:ldap://127.0.0.1/
        username map = /etc/samba/smbusers
        log level = 3
        log file = /var/log/samba/%m.log
        time server = Yes
        unix extensions = No
        add user script = /usr/sbin/smbldap-useradd -m %u
        delete user script = /usr/sbin/smbldap-userdel %u
        add group script = /usr/sbin/smbldap-groupadd -p %g
        delete group script = /usr/sbin/smbldap-groupdel %g
        add user to group script = /usr/sbin/smbldap-groupmod -m %g %u
        delete user from group script = /usr/sbin/smbldap-groupmod -x %g %u
        set primary group script = /usr/sbin/smbldap-usermod -g %g %u
        add machine script = /usr/sbin/smbldap-useradd -w %u
        logon script
        logon path
        logon drive = H:
        logon home
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        ldap admin dn = cn=Manager,dc=tetra,dc=com
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=tetra,dc=com
        ldap ssl = no
        ldap user suffix = ou=People
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        ea support = Yes
        map acl inherit = Yes
        store dos attributes = Yes
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
        dos filemode = Yes
[homes]
        comment = Home Directories
        path = /home/%u
        valid users = %S
        read only = No
        browseable = No
[netlogon]
        comment = Network Logon service
        path = /home/netlogon
        guest ok = Yes
        browseable = No
[test]
        comment = Data2
        path = /test
        valid users = +tetrasuper, +tetra
        read list = +tetrasuper, +tetra
        write list = +tetrasuper, +tetra
        create mask = 0644
        force create mode = 0766
        inherit owner = Yes
[tetra]
        comment = data
        path = /tetra
        read only = No
        create mask = 0644
        force create mode = 01666
        directory mask = 01755
        inherit owner = Yes
        hide files = /*.tmp/
        nt acl support = yes
Is there anyone who can help with this situation?
Thanks
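
The difference reported above between a Notepad-style save (rewrite the file in place) and a Word-style save (create a temp file in the same directory first) can be reproduced with a small model of POSIX mode-bit checks; this is an added example, not part of the original post. The user `alice`, the owners and the modes are constructed, and the model covers plain mode bits and the sticky bit only, not Samba's NT ACL mapping or POSIX ACL entries.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1          # POSIX permission bits
STICKY = 0o1000            # restricted-deletion flag on a directory

@dataclass
class Node:
    owner: str
    group: str
    mode: int

def allowed(user, groups, node, want):
    """POSIX mode check: select the owner, group or other triplet, then test bits."""
    if user == node.owner:
        bits = node.mode >> 6
    elif node.group in groups:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return (bits & 7) & want == want

def modify_in_place(user, groups, d, f):
    # Notepad-style save: rewrite the existing file; needs x on the directory, w on the file.
    return allowed(user, groups, d, X) and allowed(user, groups, f, W)

def create_entry(user, groups, d):
    # Creating any new name (including an editor's temp file) needs w+x on the directory.
    return allowed(user, groups, d, W | X)

def delete_entry(user, groups, d, f):
    # Deleting needs w+x on the directory; a sticky directory also requires owning file or dir.
    if not allowed(user, groups, d, W | X):
        return False
    return not d.mode & STICKY or user in (f.owner, d.owner)

def save_via_temp(user, groups, d, f):
    # Word-style save as reported in the post: a temp file is created beside the document first.
    return create_entry(user, groups, d) and modify_in_place(user, groups, d, f)

def evaluate(dir_mode):
    d = Node("root", "tetra", dir_mode)   # constructed share directory
    f = Node("root", "tetra", 0o664)      # constructed document, group-writable
    user, groups = "alice", {"tetra"}     # hypothetical member of the tetra group
    return {"notepad_save": modify_in_place(user, groups, d, f),
            "word_save": save_via_temp(user, groups, d, f),
            "create": create_entry(user, groups, d),
            "delete": delete_entry(user, groups, d, f)}

if __name__ == "__main__":
    for mode in (0o755, 0o775, 0o1775):
        print(oct(mode), evaluate(mode))
```

In this model a read-only directory (0755) allows the in-place save but blocks the temp-file save, a group-writable directory (0775) allows both but also create and delete, and adding the sticky bit (01775) blocks deletion of files owned by someone else while still allowing creation.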