Re: [Samba] Shared directory contained within another shared directory
Thanks David. That's what I'm going to do. On Thu, Mar 17, 2011 at 10:25 PM, David Roid datar...@gmail.com wrote: Looking at this A subdirectory of the hr directory named hrshared is shared as hrshared and should be accessible to specific users that are not part of the HR department., it's really not a good decision to put it under HR directory. Setup another directory and share, life will be easier. 2011/3/18, Rod securitybas...@gmail.com: Thanks, everyone. I think I'll just move that particular folder and set up the share. On Thu, Mar 17, 2011 at 11:39 AM, Daniel Müller muel...@tropenklinik.de wrote: IN [global] This could be: follow symlinks = yes wide links = yes in the other groups share make: ln –s /shared/depts/hr/hrshared /where/the/link/isset I think the link is then read only or what you set the permission EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de Von: Santiago Diez [mailto:chebarb...@gmail.com] Gesendet: Donnerstag, 17. März 2011 16:02 An: muel...@tropenklinik.de Cc: Rod; samba@lists.samba.org Betreff: Re: [Samba] Shared directory contained within another shared directory In my case, the idea was that one departement already had a folder that they were used to and that they wanted to share with the rest. So instead of moving all the files, it looked simplier to just take this very folder (it was a little deeper) and share it somewhere else. Santiago On Thu, Mar 17, 2011 at 3:52 PM, Daniel Müller muel...@tropenklinik.de wrote: Hello, why subdirectory!? Just make two simple shares for each group. Bind them together with dfs Ex-tree: +human-resources | +--hr | +--hr_readonly [global] Host msdfs=yes [human-resources] path = /shared/depts/dfsroot msdfs root = yes [hr] comment = Human Resources valid users = @DOMAIN+Personnel path = /shared/depts/hr guest ok = no read only = no create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 [shared_hr] comment = Human Resources Shared information with supervisors valid users = @DOMAIN+Personnel @DOMAIN+Domain Admins @DOMAIN+hr_readonly path = /shared/depts/hrshared guest ok = no writable = yes read list = @DOMAIN+hr_readonly create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 In /shared/depts/dfsroot as root Ln -s msdfs:yourserver\\hr hr Ln -s msdfs;yourserver\\shared_hr shared_hr --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Rod Gesendet: Donnerstag, 17. März 2011 15:26 An: samba@lists.samba.org Betreff: [Samba] Shared directory contained within another shared directory Hello, I have Samba server running version 3.0.33-3.29.el5_5.1. The Samba server is a member server of a Windows 2003 domain. Winbind provides authentication. We have a physical directory named hr that is shared as hr and is accessible to the HR department. A subdirectory of the hr directory named hrshared is shared as hrshared and should be accessible to specific users that are not part of the HR department. File system permissions for the hr directory are set for the domain admin as owner and the HR department security group (in AD) as the group. The file system permissions for the hrshared subdirectory are set for domain admin as owner and the security group that has the people that need access to the hrshared share. With permissions set as they are, users who are not part of the HR group are unable to access the hrshared folder. I'm assuming this is because the hrshared subdirectory is inheriting permissions from the parent hr directory. Here's the share specifications in smb.conf [hr] comment = Human Resources valid users = @DOMAIN+Personnel path = /shared/depts/hr guest ok = no read only = no create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 [shared_hr] comment = Human Resources Shared information with supervisors valid users = @DOMAIN+Personnel @DOMAIN+Domain Admins @DOMAIN+hr_readonly path = /shared/depts/hr/hrshared guest ok = no writable = yes read list = @DOMAIN+hr_readonly create mask = 6770
Re: [Samba] Shared directory contained within another shared directory
I also thought about doing the same thing. I tested it but never actually did it. In my humble opinion, your config (mostly same as mine) would work without a problem. Cheers --- *Santiago DIEZ Directeur **Portable: +33 6 37 90 81 98 Bureau: +33 9 70 44 77 87* *32 boulevard de Strasbourg, 75010 Paris* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Shared directory contained within another shared directory
On Thu, Mar 17, 2011 at 9:25 AM, Rod securitybas...@gmail.com wrote: and the HR department security group (in AD) as the group. The file system permissions for the hrshared subdirectory are set for domain admin as owner and the security group that has the people that need access to the hrshared share. With permissions set as they are, users who are not part of the HR group are unable to access the hrshared folder. I'm assuming this is because the hrshared subdirectory is inheriting permissions from the parent hr directory. yes, filesystem permissions do override any share level permissions in the conf. you'll need to adjust hrshared permissions as needed. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Shared directory contained within another shared directory
Hello, why subdirectory!? Just make two simple shares for each group. Bind them together with dfs Ex-tree: +human-resources | +--hr | +--hr_readonly [global] Host msdfs=yes [human-resources] path = /shared/depts/dfsroot msdfs root = yes [hr] comment = Human Resources valid users = @DOMAIN+Personnel path = /shared/depts/hr guest ok = no read only = no create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 [shared_hr] comment = Human Resources Shared information with supervisors valid users = @DOMAIN+Personnel @DOMAIN+Domain Admins @DOMAIN+hr_readonly path = /shared/depts/hrshared guest ok = no writable = yes read list = @DOMAIN+hr_readonly create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 In /shared/depts/dfsroot as root Ln -s msdfs:yourserver\\hr hr Ln -s msdfs;yourserver\\shared_hr shared_hr --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Rod Gesendet: Donnerstag, 17. März 2011 15:26 An: samba@lists.samba.org Betreff: [Samba] Shared directory contained within another shared directory Hello, I have Samba server running version 3.0.33-3.29.el5_5.1. The Samba server is a member server of a Windows 2003 domain. Winbind provides authentication. We have a physical directory named hr that is shared as hr and is accessible to the HR department. A subdirectory of the hr directory named hrshared is shared as hrshared and should be accessible to specific users that are not part of the HR department. File system permissions for the hr directory are set for the domain admin as owner and the HR department security group (in AD) as the group. The file system permissions for the hrshared subdirectory are set for domain admin as owner and the security group that has the people that need access to the hrshared share. With permissions set as they are, users who are not part of the HR group are unable to access the hrshared folder. I'm assuming this is because the hrshared subdirectory is inheriting permissions from the parent hr directory. Here's the share specifications in smb.conf [hr] comment = Human Resources valid users = @DOMAIN+Personnel path = /shared/depts/hr guest ok = no read only = no create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 [shared_hr] comment = Human Resources Shared information with supervisors valid users = @DOMAIN+Personnel @DOMAIN+Domain Admins @DOMAIN+hr_readonly path = /shared/depts/hr/hrshared guest ok = no writable = yes read list = @DOMAIN+hr_readonly create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 Is there a way to properly share a subdirectory that has different permissions than the parent directory? Any help is appreciated. Thanks. Rod -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Shared directory contained within another shared directory
On Thu, Mar 17, 2011 at 09:50:14AM -0500, Chris Weiss wrote: yes, filesystem permissions do override any share level permissions in the conf. you'll need to adjust hrshared permissions as needed. Pedantically, it's not that one overrides the other; the restrictions in the two different components are additive. -- Bruce Explota!: miles de lemmings no pueden estar equivocados. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Shared directory contained within another shared directory
IN [global] This could be: follow symlinks = yes wide links = yes in the other groups share make: ln s /shared/depts/hr/hrshared /where/the/link/isset I think the link is then read only or what you set the permission EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de Von: Santiago Diez [mailto:chebarb...@gmail.com] Gesendet: Donnerstag, 17. März 2011 16:02 An: muel...@tropenklinik.de Cc: Rod; samba@lists.samba.org Betreff: Re: [Samba] Shared directory contained within another shared directory In my case, the idea was that one departement already had a folder that they were used to and that they wanted to share with the rest. So instead of moving all the files, it looked simplier to just take this very folder (it was a little deeper) and share it somewhere else. Santiago On Thu, Mar 17, 2011 at 3:52 PM, Daniel Müller muel...@tropenklinik.de wrote: Hello, why subdirectory!? Just make two simple shares for each group. Bind them together with dfs Ex-tree: +human-resources | +--hr | +--hr_readonly [global] Host msdfs=yes [human-resources] path = /shared/depts/dfsroot msdfs root = yes [hr] comment = Human Resources valid users = @DOMAIN+Personnel path = /shared/depts/hr guest ok = no read only = no create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 [shared_hr] comment = Human Resources Shared information with supervisors valid users = @DOMAIN+Personnel @DOMAIN+Domain Admins @DOMAIN+hr_readonly path = /shared/depts/hrshared guest ok = no writable = yes read list = @DOMAIN+hr_readonly create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 In /shared/depts/dfsroot as root Ln -s msdfs:yourserver\\hr hr Ln -s msdfs;yourserver\\shared_hr shared_hr --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Rod Gesendet: Donnerstag, 17. März 2011 15:26 An: samba@lists.samba.org Betreff: [Samba] Shared directory contained within another shared directory Hello, I have Samba server running version 3.0.33-3.29.el5_5.1. The Samba server is a member server of a Windows 2003 domain. Winbind provides authentication. We have a physical directory named hr that is shared as hr and is accessible to the HR department. A subdirectory of the hr directory named hrshared is shared as hrshared and should be accessible to specific users that are not part of the HR department. File system permissions for the hr directory are set for the domain admin as owner and the HR department security group (in AD) as the group. The file system permissions for the hrshared subdirectory are set for domain admin as owner and the security group that has the people that need access to the hrshared share. With permissions set as they are, users who are not part of the HR group are unable to access the hrshared folder. I'm assuming this is because the hrshared subdirectory is inheriting permissions from the parent hr directory. Here's the share specifications in smb.conf [hr] comment = Human Resources valid users = @DOMAIN+Personnel path = /shared/depts/hr guest ok = no read only = no create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 [shared_hr] comment = Human Resources Shared information with supervisors valid users = @DOMAIN+Personnel @DOMAIN+Domain Admins @DOMAIN+hr_readonly path = /shared/depts/hr/hrshared guest ok = no writable = yes read list = @DOMAIN+hr_readonly create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 Is there a way to properly share a subdirectory that has different permissions than the parent directory? Any help is appreciated. Thanks. Rod -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- ___ TEL +33637908198 - MSN santiago.d...@free.fr - SKYPE chebarbudo - YAHOO MSG santiago_diez -- To unsubscribe from this list go
Re: [Samba] Shared directory contained within another shared directory
Thanks, everyone. I think I'll just move that particular folder and set up the share. On Thu, Mar 17, 2011 at 11:39 AM, Daniel Müller muel...@tropenklinik.de wrote: IN [global] This could be: follow symlinks = yes wide links = yes in the other groups share make: ln –s /shared/depts/hr/hrshared /where/the/link/isset I think the link is then read only or what you set the permission EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de Von: Santiago Diez [mailto:chebarb...@gmail.com] Gesendet: Donnerstag, 17. März 2011 16:02 An: muel...@tropenklinik.de Cc: Rod; samba@lists.samba.org Betreff: Re: [Samba] Shared directory contained within another shared directory In my case, the idea was that one departement already had a folder that they were used to and that they wanted to share with the rest. So instead of moving all the files, it looked simplier to just take this very folder (it was a little deeper) and share it somewhere else. Santiago On Thu, Mar 17, 2011 at 3:52 PM, Daniel Müller muel...@tropenklinik.de wrote: Hello, why subdirectory!? Just make two simple shares for each group. Bind them together with dfs Ex-tree: +human-resources | +--hr | +--hr_readonly [global] Host msdfs=yes [human-resources] path = /shared/depts/dfsroot msdfs root = yes [hr] comment = Human Resources valid users = @DOMAIN+Personnel path = /shared/depts/hr guest ok = no read only = no create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 [shared_hr] comment = Human Resources Shared information with supervisors valid users = @DOMAIN+Personnel @DOMAIN+Domain Admins @DOMAIN+hr_readonly path = /shared/depts/hrshared guest ok = no writable = yes read list = @DOMAIN+hr_readonly create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 In /shared/depts/dfsroot as root Ln -s msdfs:yourserver\\hr hr Ln -s msdfs;yourserver\\shared_hr shared_hr --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Rod Gesendet: Donnerstag, 17. März 2011 15:26 An: samba@lists.samba.org Betreff: [Samba] Shared directory contained within another shared directory Hello, I have Samba server running version 3.0.33-3.29.el5_5.1. The Samba server is a member server of a Windows 2003 domain. Winbind provides authentication. We have a physical directory named hr that is shared as hr and is accessible to the HR department. A subdirectory of the hr directory named hrshared is shared as hrshared and should be accessible to specific users that are not part of the HR department. File system permissions for the hr directory are set for the domain admin as owner and the HR department security group (in AD) as the group. The file system permissions for the hrshared subdirectory are set for domain admin as owner and the security group that has the people that need access to the hrshared share. With permissions set as they are, users who are not part of the HR group are unable to access the hrshared folder. I'm assuming this is because the hrshared subdirectory is inheriting permissions from the parent hr directory. Here's the share specifications in smb.conf [hr] comment = Human Resources valid users = @DOMAIN+Personnel path = /shared/depts/hr guest ok = no read only = no create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 [shared_hr] comment = Human Resources Shared information with supervisors valid users = @DOMAIN+Personnel @DOMAIN+Domain Admins @DOMAIN+hr_readonly path = /shared/depts/hr/hrshared guest ok = no writable = yes read list = @DOMAIN+hr_readonly create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 Is there a way to properly share a subdirectory that has different permissions than the parent directory? Any help is appreciated. Thanks. Rod -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read
Re: [Samba] Shared directory contained within another shared directory
In my case, the idea was that one departement already had a folder that they were used to and that they wanted to share with the rest. So instead of moving all the files, it looked simplier to just take this very folder (it was a little deeper) and share it somewhere else. Santiago On Thu, Mar 17, 2011 at 3:52 PM, Daniel Müller muel...@tropenklinik.dewrote: Hello, why subdirectory!? Just make two simple shares for each group. Bind them together with dfs Ex-tree: +human-resources | +--hr | +--hr_readonly [global] Host msdfs=yes [human-resources] path = /shared/depts/dfsroot msdfs root = yes [hr] comment = Human Resources valid users = @DOMAIN+Personnel path = /shared/depts/hr guest ok = no read only = no create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 [shared_hr] comment = Human Resources Shared information with supervisors valid users = @DOMAIN+Personnel @DOMAIN+Domain Admins @DOMAIN+hr_readonly path = /shared/depts/hrshared guest ok = no writable = yes read list = @DOMAIN+hr_readonly create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 In /shared/depts/dfsroot as root Ln -s msdfs:yourserver\\hr hr Ln -s msdfs;yourserver\\shared_hr shared_hr --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Rod Gesendet: Donnerstag, 17. März 2011 15:26 An: samba@lists.samba.org Betreff: [Samba] Shared directory contained within another shared directory Hello, I have Samba server running version 3.0.33-3.29.el5_5.1. The Samba server is a member server of a Windows 2003 domain. Winbind provides authentication. We have a physical directory named hr that is shared as hr and is accessible to the HR department. A subdirectory of the hr directory named hrshared is shared as hrshared and should be accessible to specific users that are not part of the HR department. File system permissions for the hr directory are set for the domain admin as owner and the HR department security group (in AD) as the group. The file system permissions for the hrshared subdirectory are set for domain admin as owner and the security group that has the people that need access to the hrshared share. With permissions set as they are, users who are not part of the HR group are unable to access the hrshared folder. I'm assuming this is because the hrshared subdirectory is inheriting permissions from the parent hr directory. Here's the share specifications in smb.conf [hr] comment = Human Resources valid users = @DOMAIN+Personnel path = /shared/depts/hr guest ok = no read only = no create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 [shared_hr] comment = Human Resources Shared information with supervisors valid users = @DOMAIN+Personnel @DOMAIN+Domain Admins @DOMAIN+hr_readonly path = /shared/depts/hr/hrshared guest ok = no writable = yes read list = @DOMAIN+hr_readonly create mask = 6770 force create mode = 6770 directory mask = 6770 force directory mode = 6770 Is there a way to properly share a subdirectory that has different permissions than the parent directory? Any help is appreciated. Thanks. Rod -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- ___ TEL +33637908198 - MSN santiago.d...@free.fr - SKYPE chebarbudo - YAHOO MSG santiago_diez -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
