Dear Jeremy,
Thanks very much for your reply.
Using posix acls maybe can set permissions for different users, but the control
right still on manager's hand, while on users' hand, that is, user still cannot
control the permission by themselves.
And you referred 3.2.x, do you mean that if I want to let user control the
files permission by themselves with "nt acl support", I need to upgrate samba
to 3.2.x? Thanks.
Meanwhile, if I upgrade samba to 3.2.x, I still need to set folders on the
same level of /Dept while not under /Dept, because folders under /Dept will
inherit the permissions. Please advise. Thank you very much.
Best Regards
Andy Zhou/ICILSZX
_____
From: Jeremy Allison [mailto:[EMAIL PROTECTED]
To: Andy Zhou/ICILSZX [mailto:[EMAIL PROTECTED]
Cc: samba@lists.samba.org
Sent: Tue, 04 Nov 2008 09:43:16 +0800
Subject: Re: [Samba] How to set file/folder permission flexibly in Samba
On Mon, Nov 03, 2008 at 01:59:29PM +0800, Andy Zhou/ICILSZX wrote:
> Hi All,
>
> I am using Samba 3.0.10 on IBM server with REHL 4 Os. The detailed
> infromation as below.
> -----------------------------------------------------------------
> [EMAIL PROTECTED] samba]# uname -a
> Linux ufhkglx02 2.6.9-67.ELsmp #1 SMP Wed Nov 7 13:58:04 EST 2007 i686 i686
> i386 GNU/Linux
> [EMAIL PROTECTED] samba]# cat /etc/redhat-release
> Red Hat Enterprise Linux ES release 4 (Nahant Update 6)
> [EMAIL PROTECTED] samba]# smbstatus -V
> Version 3.0.25b-0.4E.6
> --------------------------------------------------------------------
>
> Currently, we are planning to migration NT domain to Samba domain, and the
> file/folders controlled by NT domain controller on NT server will be migrated
> to Linux server with Samba domain. But the problem is:
>
> How to restore the permission for file/folders.
>
> Because in Nt domain, there are some files/folders with special permissions,
> for example:
> UserA and UserB just read folderA
> UserC and UserD can read/write folderA.
>
> In Nt domian, it's easy to do so, we can set such permission by click
> "Security' button in folder A's Property. But with Samba, it's so difficulty.
> Because folderA will be migrated to a root directory in Linux server, such as
> /Dept, that is:
> --Dept
> --A
> --..
> --..
> And we require all users can read/access folder Dept, but cannot access
> folder A except User A, B, C and D (with special permission). Maybe it can
> set group to meet such requirement, but we don't like to do so, because it's
> not flexible, we have large mounts of file/folders with special permission.
>
> Of course, we can set such settings in smb.conf:
> -------------------
>
> [Folder A]
> path = /folderA
> valid users = UserA, UserB, UserC, UserD
> writeable = yes
> read list = UserA, UserB
> write list = UserC, UserD
> create mask = 770
> directory mask = 770
> ----------------
>
> But with such setting, the folderA will under / directory, while not /Dept,
> because we have so many folders need to be shared with special permission, we
> don't like to set too many folders under / partition, we need to set those
> folders all under /Dept.
>
> Therefore, my questions are:
> 1. Is there any way to meet my requirement?
> 2. Is there any way to let user control the permissions by themselves?
> Because with Samba domain, user cannot change the permissin setting in
> folder's security button, even though we set "nt acl support = Yes" in Global
> setting in smb.conf. Does samba 3.0.25 support "nt acl support"?
>
> Any pointers will be very appreciated. Thank you.
3.0.25 is a little old. I suggest using 3.0.32 if you need to stay
on a 3.0.x environment, change to 3.2.4 if not (only bugfixing is
being done on the 3.0.x codebase, no new changes - all new fixes
are being done on 3.2.x and 3.3.x).
You should be able to allow users to change permissions using
the NT ACL editor using Samba. Using posix acls on your backend
filesystem should allow you to meet these needs.
Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
