Re: [Samba] Samba directory level security

Tue, 06 Oct 2009 08:43:27 -0700 

Robert,

ACLs may be possible.  Do I understand correctly that you only have the one 
share and you still force the user to be the webserver user?

From: Robert LeBlanc [mailto:rob...@leblancnet.us]
Sent: Tuesday, October 06, 2009 9:12 AM
To: Poulter, Dale
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba directory level security

Is the use of ACLs a possibility? Iv'e explained to someone yesterday how to 
use ACLs in Samba with ADS. It works very well for us and we are doing exactly 
what you want except that we only share out the root (www directory in your 
instance) and control everything using ACLs.

Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University

On Tue, Oct 6, 2009 at 7:03 AM, Poulter, Dale 
<dale.poul...@vanderbilt.edu<mailto:dale.poul...@vanderbilt.edu>> wrote:
Good morning all,

We are moving our web server from novell to unix (solaris) and will be using 
samba to allow users to edit web pages.  Our samba instance authenticates using 
ADS and the users do not necessarily have accounts on the server itself.  We 
are attempting to allow users to map a single samba share but only see the 
directories they have read access to (see configuration below).  Any 
suggestions?


We have

/www (main share)
/www/dir1
/www/dir2
/www/dir3

everyone should map to /www

group should see something like
dir1
dir2
dir3

group2
dir1
dir2


[www]
      path = /www
      read only = yes
      browseable = no
      guest ok = no
      write list= @Domain\All_Editors
      public = no
      force user=web
      hide unreadable=yes
[dir1]
      path = /www/dir1
      read only = no
      browseable = no
      guest ok = no
      write list= @Domain\DIR1_Editors
      public = no
      force user=web
      hide unreadable=yes

--Dale

---------------------------------------
Dale Poulter
Automation Coordinator
Library Information Technology Services
Vanderbilt University
Suite 700
110 21st Avenue South
Nashville, TN  37240
(615)343-5388
(615)343-8834 (fax)
(615)207-9705 (cell)
dale.poul...@vanderbilt.edu<mailto:dale.poul...@vanderbilt.edu><mailto:dale.poul...@vanderbilt.edu<mailto:dale.poul...@vanderbilt.edu>>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to