[CentOS] Samba Question

Wed Aug 26 13:42:26 UTC 2009
Johnny Hughes <johnny at centos.org>

Rajagopal Swaminathan wrote:
> Greetings,
> 
> There is a requirement of Samba server with the following specification:
> 
> There are two groups: Designers, Draftsmen
> 
> The share folder hierarchy is Project-->Final
> 
> Now the Designers group should have rw rights for Projects and subfolders
> 
> The draftsmen should be able to upload only files (not folders) to
> Final subfolder. They are not allowed to modify/delete anything
> anywhere. They will not have any permission in project folder
> 
> Any ideas?

The permissions you ask for are likely not possible within CentOS (at
least not exactly the way you specify them).

You can add ACL permissions to the ext3 file system and use that with
samba ... but with these controls, you have read (r), write (w), and
execute (x) permissions.  There are no ways to allow creating files and
not folders ... also, if you can create files, you can delete them.

The tools setfacl and getfacl can be used to set permissions.

This is a good article to start with:
http://aisalen.wordpress.com/2007/08/10/acls-on-samba/

Here are a couple more:
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-acls.html

You will also have to decide HOW you want to integrate this machine into
other infrastructure.  If you already have some kind of Directory
Service (the newer Windows Active Directory Services, Windows NT type
Directory control, LDAP on Linux, Red Hat Directory Server, etc.), you
will likely want to make samba talk to that service, whatever it is.

This is a 2 step process ... set up and get working ACLs, then set up
and get working samba (this part will depend on what you are integrating
with).
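
The closest ACL layout to the request that setfacl can express, as an added
example that is not part of the original message. The share path
/srv/samba/Project and the group names designers and draftsmen are
assumptions.

```shell
#!/bin/sh
# Added example. The share path and group names are assumptions; the thread
# names only the groups' roles and the Project/Final folders.

# Print the setfacl/getfacl commands for one share root.
#   $1 = path of the Project folder, $2 = designers group, $3 = draftsmen group
acl_plan() {
    root=$1; designers=$2; draftsmen=$3
    # Designers: rw on everything that exists now. Capital X adds execute
    # only to directories (and files that are already executable).
    echo "setfacl -R -m g:$designers:rwX $root"
    # Default ACL: new files and folders inherit the same entry.
    echo "setfacl -R -d -m g:$designers:rwX $root"
    # Draftsmen: search-only on Project, the minimum for the path to Final
    # to resolve. They cannot list or write there.
    echo "setfacl -m g:$draftsmen:--x $root"
    # Draftsmen: write+search on Final. This permits creating files and,
    # as the reply says, also creating folders and deleting entries.
    echo "setfacl -m g:$draftsmen:-wx $root/Final"
    # Show the result, including the mask that caps group entries.
    echo "getfacl $root $root/Final"
}

# Dry run by default; APPLY=1 runs the commands (needs root, an ACL-enabled
# file system, and both groups to exist).
ROOT=${ROOT:-/srv/samba/Project}
if [ "${APPLY:-0}" = 1 ]; then
    acl_plan "$ROOT" designers draftsmen | sh -e
else
    acl_plan "$ROOT" designers draftsmen
fi
```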

