Hi, I understand that Linux permissions override Samba permissions. But is it also the case that the Samba permissions override the Linux permissions? Example: I have a samba share called "SHARE". This is disabled by default and is configured for write access by group "MY_GROUP". The permissions of all files and folders within /c/SHARE are 777 (rwxrwxrwx). Now, if a user called "David" belonging to group "users" tried to access "\\READYNAS\SHARE\document.doc" would they have permission? I believe not but am looking for confirmation? My testing and understanding, leads me to the conclusion that both Samba and Linux permissions override each other. The most restrictive set win. Am I correct? Many Thanks Stephen Elliott
Hi Stephen, I'm not a Samba expert, but a long-time samba user.>From what you stated, I believe any user would be able to enter the shareand read/write/execute all of its contents. The three groups of three rwxrwxrwx First, what the directory/file owner can do Second, what the directory/file members can do Third, what other users can do So, any person with a user account and who is an enabled samba user too, will be able to enter the directory. To restrict directory access, many use the "valid users = user1,user2" option. Mike
On Sat, Nov 26, 2011 at 04:46:02PM -0000, Stephen Elliott wrote:> I understand that Linux permissions override Samba permissions. But is it > also the case that the Samba permissions override the Linux permissions? > > Example: > > I have a samba share called "SHARE". This is disabled by default and is > configured for write access by group "MY_GROUP". > > The permissions of all files and folders within /c/SHARE are 777 > (rwxrwxrwx). > > Now, if a user called "David" belonging to group "users" tried to access > "\\READYNAS\SHARE\document.doc" would they have permission? I believe not > but am looking for confirmation?> My testing and understanding, leads me to the conclusion that both Samba and > Linux permissions override each other. The most restrictive set win. Am I > correct?Your understanding is basically correct. That said, "override each other", is not really correct, though your second summary is close to the truth. That is, Samba permissions may be more restrictive than filesystem (Linux or otherwise) permissions, but may not be more open; in the end the filesystem is the master. -- greg byshenk - gbyshenk at byshenk.net - Leiden, NL