[Samba] NTFS-type directory permissions
I apologize if this is an easy question. I am a samba newbie and the answer was not really clear to me from reading chpt 12 of the documentation. We recently moved from a Windows 2000 file server to a Samba(3.0.4) file server running on Solaris. We have about 20 top-level directories with lots of subdirectories. Right now, we have the security setup so that people can only get to the top-level directories that they should have access to. This is ok for now, but at some point we would like to get back to the way it was under NT. We have not figured out a way to control the permissions underneath these top-level directories. For example: The user is mapped to a single share that contains all of the folders (can't be more than one share since users need to access the folders from windows using the same drive letter). That share contains: Admin Helpdesk Finance HR etc. The particular user only has access to the HR directory which contains: Paychecks Personnel List etc. Now, this user should only have read access to List, no access to Personnel, and write access to Paychecks. In our current setup, he has write access to all these folders because they are only controlled by the top-level, HR, which has the Unix permissions: rwxrwx--- root hr (the user is a member of hr) Is there a way that we can have more control over the directories and files? Can someone give me some example configurations or point me to a past post or something? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTFS-type directory permissions
Michael Flatley wrote: Yes ACL's I apologize if this is an easy question. I am a samba newbie and the answer was not really clear to me from reading chpt 12 of the documentation. We recently moved from a Windows 2000 file server to a Samba(3.0.4) file server running on Solaris. We have about 20 top-level directories with lots of subdirectories. Right now, we have the security setup so that people can only get to the top-level directories that they should have access to. This is ok for now, but at some point we would like to get back to the way it was under NT. We have not figured out a way to control the permissions underneath these top-level directories. For example: The user is mapped to a single share that contains all of the folders (can't be more than one share since users need to access the folders from windows using the same drive letter). That share contains: Admin Helpdesk Finance HR etc. The particular user only has access to the HR directory which contains: Paychecks Personnel List etc. Now, this user should only have read access to List, no access to Personnel, and write access to Paychecks. In our current setup, he has write access to all these folders because they are only controlled by the top-level, HR, which has the Unix permissions: rwxrwx--- root hr (the user is a member of hr) Is there a way that we can have more control over the directories and files? Can someone give me some example configurations or point me to a past post or something? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTFS-type directory permissions
Hi, I think if you choose to compile samba with the acl flag then you will have the complex access control desired. When you do a ./configure --help ... the options will be there but I think the option for acl support is --with-acl-support or something like that. Both my samba book and a unix terminal are not available to me now. Bri- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] NTFS-type directory permissions
You have just, but the kernel and FS used for store data must using ACL... It's just patch kernel (if kernel 2.4.x) for ACL support http://acl.bestbits.at and use a FS which have this possibility : - ext3 - ReiserFS - JFS - XFS Stéphane --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 Hi, I think if you choose to compile samba with the acl flag then you will have the complex access control desired. When you do a ./configure --help ... the options will be there but I think the option for acl support is --with-acl-support or something like that. Both my samba book and a unix terminal are not available to me now. Bri- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTFS-type directory permissions
You have just, but the kernel and FS used for store data must using ACL... It's just patch kernel (if kernel 2.4.x) for ACL support http://acl.bestbits.at and use a FS which have this possibility : - ext3 - ReiserFS - JFS - XFS He's on Solaris, which has ACL support built in to UFS. Just make sure that samba was compiled with it like so: [fgoserv:/]# /opt/samba/sbin/smbd -b |grep ACL HAVE_SYS_ACL_H HAVE_SOLARIS_ACLS HAVE__ACL HAVE__FACL -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTFS-type directory permissions
[EMAIL PROTECTED] wrote: You have just, but the kernel and FS used for store data must using ACL... It's just patch kernel (if kernel 2.4.x) for ACL support Oh yeah forgot that. If you've got FreeBSD 5.x it's in the default kernel. http://acl.bestbits.at and use a FS which have this possibility : - ext3 - ReiserFS - JFS - XFS Stéphane --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 Hi, I think if you choose to compile samba with the acl flag then you will have the complex access control desired. When you do a ./configure --help ... the options will be there but I think the option for acl support is --with-acl-support or something like that. Both my samba book and a unix terminal are not available to me now. Bri- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTFS-type directory permissions
so does this mean that I do not have ACL support compiled? bash-2.05# ./smbd -b | grep -i ACL HAVE_SYS_ACL_H HAVE_NO_ACLS HAVE__ACL HAVE__FACL On Fri, 03 Sep 2004 11:04:56 -0500, Paul Gienger [EMAIL PROTECTED] wrote: You have just, but the kernel and FS used for store data must using ACL... It's just patch kernel (if kernel 2.4.x) for ACL support http://acl.bestbits.at and use a FS which have this possibility : - ext3 - ReiserFS - JFS - XFS He's on Solaris, which has ACL support built in to UFS. Just make sure that samba was compiled with it like so: [fgoserv:/]# /opt/samba/sbin/smbd -b |grep ACL HAVE_SYS_ACL_H HAVE_SOLARIS_ACLS HAVE__ACL HAVE__FACL -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
