Chris Osicki wrote:
Hi
I'm using Samba 3.0.33 on Solaris10 and have the following problem.
In the smb.conf I have
workgroup = CORPROOT
security = domain
and users authenticated to CORPROOT domain can connect shares
w/o problems, [homes] for example.
Now I would like to create a share and restrict access to it just
to a dozen of users or so.
I tried
valid users = +docs
force user = usodocs
where docs is a group in /etc/group and it didn't work.
Looks like Samba is trying to look up the group docs on the domain
controller in the CORPROOT domain.
So, I tried this
valid users = CORPROOT\user
force user = usodocs
it works.
According to man page
valid users = +docs
should work.
I must be missing something, but what?
Is there any better/nicer way to achieve what I'm looking for?
That is, to give a group of users full control over content of
a share.
I have several Linux Samba servers where I use POSIX ACLs to control
read/write rights on the OS level and it works fine.
I tried the same on the Solaris10 box with ZFS and its ACLs and it
didn't work as expected (posted about it few weeks ago, no answers though)
I would be very thankful for any help.
BTW, anyone any idea how to attract attention to a post on this list?
Virtual beer as attachment? ;-)
My success rate is by now close to nothing.
Thanks for your time.
Regards,
Chris
Further to my earlier response, you need to ensure that the group has
access to the share since Samba permissions cannot override Linux
permissions. You may want to set the Linux permissions to 777 while
testing. Leave off the force user and just try the "valid users". Also,
since you are using the + group prefix, this is strictly the Linux group
that you are granting permission to.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
