Linux ext3 and ext4 file systems should support ACLs, which allow for
multiple users and groups and the more fine-grained controls you are
looking for. The "setfacl" and "getfacl" commands should verify if
this is working.

I am running Samba on Solaris with the ZFS file system, so this is not
exactly your situation. However, it does demonstrate that Unix-to-Samba
ACL support does work (although not always perfectly).

"testparm -v | grep acl" should let you know which options are
available for smb.conf.

On 07/06/2010 10:12 AM, Hasnain Badami wrote:
> Hi All
>
> I have been asked by my company management to look into moving file share
> server from Windows 2003 server OS to Ubuntu 10.4 using Samba. I have
> successfully configured active directory authentication using winbind and
> have configured samba and am able to access my file share successfully.
>
> The complication arises as a result of implementing ACL mappings on Linux,
> as I need fine-grained control over specific subfolders and files. From
> what I have read, I can't map all 13 permissions to respective unix rwx
> permissions.
> I have a use case where a certain group called A has read write execute
> rights on a folder/file but they shouldn't be allowed to delete the specific
> folder/file. On windows, all I have to do is set up my security permissions
> to deny 'delete subfolders and files' and 'delete' and it works well. In
> linux world I understand I can't do this as the user has rwx permissions on
> the folder/file and he can do whatever he likes.
>
> I googled a lot around this issue and found that if you set up sticky bit
> on the directory I can still read and write from the file or directory and
> won't be able to delete it. It works in case of most document types but MS
> office.
> From samba help I figured that "Word does the following when you
> modify/change a Word document: MS Word creates a new document with a
> temporary name. Word then closes the old document and deletes it, then
> renames the new document to the original document name." The url is
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id2615334
> So if the sticky bit is set on the directory containing word files for
> instance, linux won't be able to delete the file (as required in write
> operations by MS office) and hence comes with an error.
>
> I shall be highly obliged if someone can shed light on this issue.
> Alternatively I would love to learn about other solutions for the use case
> mentioned.
>
> Thanks in advance
>
> Hass.
>
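
The interaction described in the original question (sticky bit on the directory versus Word's create/delete/rename save sequence), as an added example that is not part of either message: a Python model of the classic mode-bit rules applied to a real temporary directory. The file name `report.doc` and the second uid are constructed; POSIX ACLs and capabilities are deliberately ignored.

```python
import os, stat, tempfile

def dir_writable(d, uid, gids):
    """True if uid has w+x on directory d by mode bits (ACLs ignored)."""
    if uid == 0:
        return True
    if uid == d.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif d.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return d.st_mode & need == need

def may_unlink(d, f, uid, gids):
    """Can uid delete (or rename away) entry f inside directory d?"""
    if not dir_writable(d, uid, gids):
        return False
    # Sticky bit: only the file owner, the directory owner or root may remove.
    if d.st_mode & stat.S_ISVTX and uid not in (0, d.st_uid, f.st_uid):
        return False
    return True

def word_save(d, doc, uid, gids):
    """Check each step of the save sequence quoted from the Samba HOWTO."""
    create = dir_writable(d, uid, gids)
    return [("create temp file", create),
            ("delete old document", may_unlink(d, doc, uid, gids)),
            # The temp file is owned by uid, so sticky does not block renaming it.
            ("rename temp to original name", create)]

def demo():
    """Build a shared directory and test a non-owner with and without sticky."""
    with tempfile.TemporaryDirectory() as path:
        doc = os.path.join(path, "report.doc")      # constructed sample file
        open(doc, "w").close()
        other = os.getuid() + 1000                  # constructed uid, not the owner
        os.chmod(path, 0o1777)                      # world-writable + sticky
        sticky = word_save(os.stat(path), os.stat(doc), other, set())
        os.chmod(path, 0o777)                       # same, sticky cleared
        plain = word_save(os.stat(path), os.stat(doc), other, set())
        return {"sticky": sticky, "plain": plain}

if __name__ == "__main__":
    for label, steps in demo().items():
        print(label, steps)
```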