You could do this with unix permissions, just give group access on the
base dir and sub dir then remove all permission to any other files or
dirs In base dir
Mark.
On 21 Nov 2007, at 17:39, "Matt Lozier" <[EMAIL PROTECTED]>
wrote:
Hi Andrew,
Thank you for your response. The only problem with going this route
is that
I really need to have finer grain control over what the users are
able to
access.
I have situations where user1 needs to have access to /smbshare/dir1
and
dir3 then user2 needs to have access to /smbshare/dir1/subdir1 and
/smbshare/dir3, but *no* access to /smbshare/dir1. I suppose that
the real
problem lies in the poor setup of the root /smbshare. However, any
changes
to this configuration are out of the question because too many
people who
are resistant to change already understand things the way they are ;-)
If I understand LDAP properly (I'm new to this technology) then I
should be
able to store user permissions in the LDAP database, no?
Thanks,
Matt
-----Original Message-----
From: Andrew Sherlock-CF [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 21, 2007 11:07 AM
To: Matt Lozier; samba@lists.samba.org
Subject: RE: [Samba] Access control question.
Is it out of the question to create many different shares and then
secure the system on a per-share basis?
I'm securing shares individually using Active Directory.
In each share config I have:
valid [EMAIL PROTECTED] @MR_ADGROUP_FOR_READING
write [EMAIL PROTECTED]
read [EMAIL PROTECTED]
Create different groups for each share and you're golden.
Of course, this model can be followed without AD.
-------------------
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
g] On Behalf Of Matt Lozier
Sent: 21 November 2007 15:58
To: samba@lists.samba.org
Subject: [Samba] Access control question.
Hello,
I have a general administrative question concerning Samba shares.
I have a large amount of data that about 25 users have
limited access to. I
only want these users to have access to a sub-set of this
data, but I also
only want the users to see that which they have access to.
So, for example, suppose that the share looks like thus:
/smbshare
/smbshare/dir1
/smbshare/dir2
/smbshare/dir3
And I only want the users to see that they have access to
/smbshare/dir1 and
/smbshare/dir3. The way that this is currently setup is that I have
symlinks from the user's home directory to /smbshare/dir1 and
/smbshare/dir3. That way then the user maps their home
share, they only see
dir1 and dir3 - dir2 is out of sight, and thus (hopefully)
out of mind.
Is there a better way to implement what I'm trying to do?
I'm currently
looking into setting up permissions as an LDAP directory and
using this as
the means to control access to the data - have also
considered using ACLs -
not sure which way to go!
Any and all help / input is appreciated.
Thank you,
Matt
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
http://www.bbc.co.uk/
This e-mail (and any attachments) is confidential and may contain
personal
views which are not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system.
Do not use, copy or disclose the information in any way nor act in
reliance
on it and notify the sender immediately.
Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
