Rajagopal Swaminathan wrote:

Greetings,

There is a requirement of Samba server with the following specification:

There are two groups: Designers, Draftsmen

The share folder hierarchy is Project-->Final

Now the Designers groups should have rw rights for Projects and subfolders

The draghtsmen should be able to upload only files (not folders) to Final subfolder. They are not allowed to modify/delete anything anywhere. They will not have any permission in project folder

any ideas?

The permissions you ask for are likely not possible within CentOS (at least not exactly the way you specify them).

You can add ACL permissions to the ext3 file system and use that with samba ... but with these controls, you have read (r), write(w), and execute (x) permissions. There are no ways to allow creating files and not folders ... also, if you can create files, you can delete them.

The tool setfacl and getfacl can be used to set permissions.

This is a good article to start with: http://aisalen.wordpress.com/2007/08/10/acls-on-samba/

Here are a couple more: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-acls.html

You will have to also decide HOW you want to integrate this machine into other infrastructure. If you already have some kind of Directory Service (the newer Widows Active Directory Services, Windows NT type Directory control, LDAP on Linux, Red Hat Directory Server, etc.). You will likely want to make same talk to that service, whatever it is.

This is a 2 step process ... set up and get working ACLs, then set up and get working samba (this part will depend on what you are integrating with).

Rajagopal Swaminathan wrote:

Greetings,

There is a requirement of Samba server with the following specification:

There are two groups: Designers, Draftsmen

The share folder hierarchy is Project-->Final

Now the Designers groups should have rw rights for Projects and subfolders

The draghtsmen should be able to upload only files (not folders) to Final subfolder. They are not allowed to modify/delete anything anywhere. They will not have any permission in project folder

any ideas?

For anything resembling unix filesystem semantics, being able to create and delete files depends on the permissions of the containing directory, although you can constrain deletions to files that you own (the way /tmp works, for example). If can't require a designer to do the move/copy from project to final you might want to look at a revision control system like subversion or a workflow (and more) system like Alfresco where you have greater control over the operations. Subversion saves every revision so even if you delete or modify something you can recall earlier versions. Alfreso can present web/ftp/smb/nfs shares but with some programmed logic controlling who can see/do what.