Harondel J. Sibble
2011-Aug-11 15:57 UTC
[Samba] multiple levels of group permissions on some folders in a share
trying to figure out the best way to accomplish this, running samba 3.x on a debian system in share level mode (workgroup) have a shared folder for all the staff that they have permssions to by membership of being in the "staff" group, this share has about 40-50 subfolders. now they have an intern starting and want to restict that intern to 5 of those folders which they'll access from an XP machine I could create a new share for each folder, but if they decide to expand the list of allowed folders, that gets clunky. So I created a new share for the intern and symlinked the 5 subfolders which they can see just fine, but they get a permission denied which makes sense since the intern account is not part of larger group with access to the 5 folders in question. What's the best way to allow them access to the 5 folders without allowing them to get access to the other 45 or so folders? -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com Blog: http://www.pdscc.com/blog (604) 739-3709 (voice)
TAKAHASHI Motonobu
2011-Aug-13 06:00 UTC
[Samba] multiple levels of group permissions on some folders in a share
From: "Harondel J. Sibble" <help at pdscc.com> Date: Thu, 11 Aug 2011 08:57:41 -0700> trying to figure out the best way to accomplish this, running samba 3.x on a > debian system in share level mode (workgroup) > > have a shared folder for all the staff that they have permssions to by > membership of being in the "staff" group, this share has about 40-50 > subfolders.(snip)> What's the best way to allow them access to the 5 folders without allowing > them to get access to the other 45 or so folders?(snip)> I could create a new share for each folder, but if they decide to expand the > list of allowed folders, that gets clunky.What does your "clunky" mean? Creating 5 new shares is most easy solution I think. Instead if you can use ACL, you can create a group, make interns belong to the group and add ACL entries to the 5 folders only, which allow access to the group. Setting "hide unreadable = yes" other 45 folders cannot be seen by interns.> So I created a new share for the intern and symlinked the 5 subfolders which > they can see just fine, but they get a permission denied which makes > sense since the intern account is not part of larger group with > access to the 5 folders in question.Setting chmod o+rwx to the 5 folders is a way I think. --- TAKAHASHI Motonobu <monyo at samba.gr.jp>
Possibly Parallel Threads
- disabling swat during compile
- sieve vacation script exclude based on sender email address
- uniden voip gear
- speaking of sieve scripts... how to selectively not send vacation autoreply
- mac osx users have files written with non group permissions for some reason