By setting "force user = fred" in your smb.conf file you make all authenticated users "become" fred for this share. If fred has write permission then everone who authenticates properly (members of staff group) will be able to write.
Marc Balcells wrote: > > Hello, I'm running samba on a redhat linux 7.3 server in order to share > files to a mixed linux/windows local network without a domain controler, > all clients are configured to do local authentication and this > usernames/passwords are the same as on the linux server. > > I'd like to restrict access to some directories inside samba shares for > specific users, but changing unix file permissions won't do it. > > For example, > I have a share named "stuff" which is permited to all members of the > "staff" group, but inside this share I wan't to restrict access to a > directory called "internal", only one specific user has to be able to > read/write inside it. > As I said I've tried to change unix permissions to 700 but still group > members can read/write inside this directory. > > Once I solve this, I would like to do something like the "veto files" > directive does. I'd like to restrict access to one user to all > directories named "internal" in whichever share they're in. > > Another issue is client code-pages. All my clients use spanish > characters set, but when windows clients create a file with special > characters, linux clients get (invalid unicode) warnings on this > filenames, any clue? > > Anyone can help me in this three issues? > > My smb.conf [GLOBAL] looks like: > smb passwd file = /etc/samba/smbpasswd > hosts deny = ALL > passwd program = /usr/bin/passwd %u > browseable = no > pam password change = yes > force directory mode = 770 > printing = lprng > create mode = 770 > dns proxy = no > force create mode = 770 > encrypt passwords = yes > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > character set = ISO8859-15 > printcap name = /etc/printcap > max log size = 0 > hosts allow = 192.168.0.0/255.255.255.0 127.0.0.1 > writable = yes > obey pam restrictions = yes > passwd chat = *New*password* %n\n *Retype*new*password* %n\n > *passwd:*all*authentication*tokens*updated*successfully* > directory mode = 770 > security = user > unix password sync = Yes > hide unreadable = yes > server string = XXXXXXXXXXXXXXX > workgroup = XXXXXXXXXXXXXXX > client code page = cp850 > log file = /var/log/samba/%m.log > netbios name = XXXXXXXXXX > load printers = yes > os level = 20 > > My share looks like: > [stuff] > path = /home/stuff > force group = staff > valid users = @staff > comment = Some Stuff > wide links = no > revalidate = yes > force user = fred > hide unreadable = yes > -- -- ====================================================================== Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 [EMAIL PROTECTED] Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 PGP Key: 0x8408D65D ====================================================================== -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
