I'm implementing a Samba 3.5.4 server, and have some basic questions about controlling share-level permissions. To let you know my level of knowledge, I'm a pretty good Linux admin, and can do basic Windows domain admin work.
My goal is fairly simple: I need several shares that will be used by Windows users to send and get files from a Unix process. One share would do it, except that I need different security on different directories. I have the shares all created and in use, but I have NO security on any of them, yet. The configuration of each one is the same. Here's a sample: [TEST] path = /xxx/test read only = No force group = user1 force create mode = 060 My basic question is: Given that I'd be happy with simply creating a Windows group for each share, and giving full read/write access to the group associated with each share, what's the best practice for doing this? >From my reading (chapter16 of the Samba HOWTO), it appears that one way is just to say: valid users = domain\group1 in the smb.conf for each share. Is this NOT a perfectly good way to do it? Any reason why I might not want to do it? >From reading the HOWTO, and expermenting, it looks like I can assign permissions from a Windows client, by right-clicking the share, select properties, going to the security tab, and adding permissions, just like it was a real Windows server. This appears to work, but I haven't tested it much, and I'm concerned because I can't figure out where Samba is storing the permission changes I'm making. None of the TDB files seem to change when I fiddle with the permissions, and I think Samba must be storing these changes SOMEWHERE. So, question 2 is: Can I indeed assign permissions from a Windows client, without doing anything at all in smb.conf? if so, can you point me to docs that explain how this works? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba