On Fri, Oct 17, 2008 at 12:56 PM, Mikael Kermorgant < [EMAIL PROTECTED]> wrote:
> > > On Thu, Oct 16, 2008 at 7:45 PM, Sébastien Prud'homme < > [EMAIL PROTECTED]> wrote: > >> 2008/10/16 Mikael Kermorgant <[EMAIL PROTECTED]>: >> > Hello, >> > >> > I'm considering moving our windows shares (2003 domain) to a samba >> server, >> > to improve performance, setup clustering and use scheduled lvm >> snapshots. >> > However, I've not clarified how our current security policy would be >> applied >> > on this server and like to ask you some things (sorry, I'm sure they >> already >> > have been posted but there is so much on this topic to read I prefer to >> ask >> > again) >> > >> > Currently, we manage security on our shares by : >> > * giving full control to everybody at the "share" level >> > * restricting rights at the "security" level >> > >> > By switching to samba, we face a set of challenges : >> > >> > * Changes to our security policy. We will have to manage security at the >> > linux/samba level and this raises some questions: >> > - is it still possible to keep the security management at the file level >> (by >> > giving full control at the share level and thus eliminating botherings >> on >> > this side) ? I know there are some limitations when mapping posix acls >> to >> > windows one but that might be acceptable. >> > >> >> No problem if you edit Posix ACL directly. I advice not to use the >> Security tab in Windows (when you right click on a file/directory and >> change the Properties) to modify ACL. >> >> > - I've tried to manage posix acls on ext3 via konqueror which I could >> find a >> > good alternative to windows' gui but I'd prefer a web front end. Would >> you >> > have some nice web gui to recommend ? >> >> The only one i know is a Webmin module: >> http://webmin-fsacls.sourceforge.net/en/index.html >> >> Thanks for this info, I'll check how it works. Regarding your advice not to use the security tab in windows, that's a possibility I wasn't aware of. If I have understood how it works, you have to mount the share under a specific letter (S: for example) , and then you can manage security from there. AS this would surely be the easiest solution in our migration, could you please indicate what the drawbacks would be ? Regards, -- Mikael Kermorgant
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
