[CentOS] Using Samba to share Apache web root, securely
Trey Dockendorf
treydock at gmail.com
Tue Aug 9 21:34:52 UTC 2011
On Tue, Aug 9, 2011 at 12:56 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> On 8/9/2011 12:32 PM, Trey Dockendorf wrote:
> >
> >
> > Now I have a new requirement passed to me, which is a bit more
> complicated.
> >
> > How would I allow individual users the ability only to access specific
> > subfolders within that share without them being a part of the
> > department_a group? My initial idea was to make use of ACLs, but if the
> > POSIX permissions don't allow them write access, then ACLs won't help,
> > will they ? The model is I need users of group department_a to have
> > full control over this share while allowing individual faculty members
> > to access only their personal folders within this share.
>
> You could make a separate samba share with different ownership. At some
> point it might make more sense to use a web-based content manager that
> understands logins/permissions or perhaps a wiki that permits uploads
> instead of randomly mapping file access around. If the users in
> question already have home directories on the server you might make
> things work for individuals with symlinks out of their home directories
> that show up by default in samba - or map the URLs into the public_html
> directory you get with ~ expansion so the home directories are
> self-contained.
>
> --
> Les Mikesell
> lesmikesell at gmail.com
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
That will probably be the best option while we move these sites to a CMS.
The users are accustomed to using Windows drive letters that are mapped by
our AD to access their content, and I'd like to have to leave that intact
for now.
Now the fun part of making that many share definitions not take up 100's of
lines in my puppet node definitions :-/.
In case anyone is interested I've uploaded what I have thus far for my
Puppet samba module. It's here, https://github.com/treydock/puppet-samba
Thanks
- Trey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20110809/bc5607c8/attachment.html>
More information about the CentOS
mailing list