no, my samba is not a PDC, it's a domain member server to an NT4 PDC.... i had already tried exactly what you have suggested and it doesn't work.... no matter what happens, i can access the groupB dir
----- Original Message ----- From: "Marian Mlcoch, Ing" <[EMAIL PROTECTED]> To: "ipguy" <[EMAIL PROTECTED]> Sent: Wednesday, June 04, 2003 10:48 PM Subject: Re: [Samba] subshares ? > When you write in examples i example this: > If yor PDC is samba with shares you needed then simply set this > > rwxrwx--- root groupA driveA > and all files and subdirs with this in driveA > except driveB > > rwxrwx--- root groupB driveB > and all files and subdirs with this in driveB > > this can change on existing by chmod 770 -R and chown,chgrp simply. > For creating new files with this you must set proper smb.conf mask > directives > > > [driveA] > path = /samba/driveA > browseable = Yes > writeable = Yes > valid users = @groupA > force group = groupA > > [driveB] > path = /samba/driveA/driveB > browseable = No > writeable = Yes > valid users = @groupB > force group = groupB > > directory mask = 0770 >or inherit > permissions = yes > create mask = 0770 > > Thats all folks! > > > ----- Original Message ----- > From: "ipguy" <[EMAIL PROTECTED]> > To: "Marian Mlcoch, Ing" <[EMAIL PROTECTED]> > Sent: Wednesday, June 04, 2003 1:46 PM > Subject: Re: [Samba] subshares ? > > > > > > > > > Plus i dont understand > > > valid users = PDC+groupA < this is one user name? > > > force group = PDC+groupA > > > > "PDC+groupA" is a group on the domain (NT4) i chose to call PDC, as an > > example > > so, "valid users = PDC+groupA" means anyone in this domain group can > access > > the share > > and , "force group = PDC+groupA" means, i want to force all files/dir > > created in this share to belong to the same group, "PDC+groupA" > > > > > what is PDC+groupA ? > > > > see above.... > > > > I'm talking winbind here........... > > > > > > > > > > > > > > > Bye. > > > > > > ----- Original Message ----- > > > From: "ipguy" <[EMAIL PROTECTED]> > > > To: "Marian Mlcoch, Ing" <[EMAIL PROTECTED]> > > > Cc: <[EMAIL PROTECTED]> > > > Sent: Wednesday, June 04, 2003 11:38 AM > > > Subject: Re: [Samba] subshares ? > > > > > > > > > > i understand. > > > > please read my original question.... > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Marian Mlcoch, Ing" <[EMAIL PROTECTED]> > > > > To: "ipguy" <[EMAIL PROTECTED]> > > > > Cc: <[EMAIL PROTECTED]> > > > > Sent: Wednesday, June 04, 2003 6:56 PM > > > > Subject: Re: [Samba] subshares ? > > > > > > > > > > > > > No you not understand priority of permisions on NT and samba is this > > > > > identical but samba without ACL is simples. > > > > > > > > > > Highest priority to acces any file is file permision and owner on > > linux > > > > > filesystem respect by samba. > > > > > Secondary is directory permision and ownership with parent respect > > > > > structure. > > > > > And last is share definition that set only permision implicit for > > > network. > > > > > > > > > > if share is read only then all under this share is read only used > over > > > > this > > > > > share but another share can be write to this or its subdirs. > > > > > else if share is writable then only user with suficient name and > group > > > to > > > > > !!share directory!! permision can write to directory structure as is > > > > rename > > > > > delete or create files and subdirs. And only users and groups that > > have > > > > suff > > > > > permision to exist files can read, execute or change it. This all is > > > > > controlled by filesystem not over samba conf (if you install > > filesystem > > > > with > > > > > acl then you can set more perms on one file as clasic > > user-group-other). > > > > > > > > > > Samba conf only control settings perm of new files and dirs created > > over > > > > > net. > > > > > > > > > > Bye. > > > > > > > > > > ----- Original Message ----- > > > > > From: "ipguy" <[EMAIL PROTECTED]> > > > > > To: "John H Terpstra" <[EMAIL PROTECTED]> > > > > > Cc: <[EMAIL PROTECTED]> > > > > > Sent: Wednesday, June 04, 2003 10:33 AM > > > > > Subject: Re: [Samba] subshares ? > > > > > > > > > > > > > > > > so my only option is NT ACL support then... > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, 3 Jun 2003, ipguy wrote: > > > > > > > > > > > > > > > hi all... > > > > > > > > i have what seems a simple question regarding subshares, for > > lack > > > of > > > > a > > > > > > better term... > > > > > > > > say i have a share with specific user/group permissions and a > > > > > directory > > > > > > inside the share that i would like to add different user/group > > > > > > permissions... > > > > > > > > this is an example of my smb.conf file to illustrate > > > > > > > > > > > > > > > > [driveA] > > > > > > > > path = /samba/driveA > > > > > > > > browseable = Yes > > > > > > > > writeable = Yes > > > > > > > > valid users = PDC+groupA > > > > > > > > force group = PDC+groupA > > > > > > > > > > > > > > > > [driveB] > > > > > > > > path = /samba/driveA/driveB > > > > > > > > browseable = No > > > > > > > > writeable = Yes > > > > > > > > valid users = PDC+groupB > > > > > > > > force group = PDC+groupB > > > > > > > > inherit permissions = No > > > > > > > > > > > > > > > > shouldn't this restrict groupA users from accessing the > subshare > > > > > called > > > > > > > > "driveB" located inside the share "/samba/driveA" ?? > > > > > > > > > > > > > > driveB is a directory in /samba/driveA from the perspective of > the > > > > > driveA > > > > > > > share. IT is NOT a sub-share, there is no such thing in the > > SMB/CIFS > > > > > > > protocol specification. > > > > > > > > > > > > > > That means that users of the share called driveA will be able to > > > > access > > > > > > > the contents of the directory driveB as permitted by the > > permissions > > > > on > > > > > > > the driveBdirectory. > > > > > > > > > > > > > > - John T. > > > > > > > -- > > > > > > > John H Terpstra > > > > > > > Email: [EMAIL PROTECTED] > > > > > > > > > > > > -- > > > > > > To unsubscribe from this list go to the following URL and read the > > > > > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > > > > > > > > > > -- > > > > To unsubscribe from this list go to the following URL and read the > > > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
