Re: I would like Samba share writable by some, readable only by other named subscribers ...


John H Terpstra - Samba Team
On Thursday 03 March 2005 15:44, John Spence, CCSI, CCNA, CISSP wrote:
> If I do this, reader1 is denied even directory listing - perhaps because
> they are not a valid user?

You really are doing this the hard way. Have you considered making the files
at the file system level fully read/write for all users and then just setting
share level ACLs for access control? This is covered under "Samba Share ACLs".

See chapter 14 "File, Directory and Share Access Control" in the
Samba-HOWTO-Collection.pdf available from:

http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf

- John T.

>
> ------- smb.conf -------
> [native6-stuff]
>    path = /native6-stuff
>    valid users = write1 write2 write3
>    guest ok = no
>    read-list = reader1
>    write-list write1 write2 write3
>    force group = writers
>    public = no
>    writable = yes
>    printable = no
>    create mask = 0664
>    directory mask = 0664
> ------------ end -----------
>
> ----------- /etc/group ------------
> writers:x:598:write1,write2,write3
> -------- end -------
>
>
> If I do this, reader1 can see the files (good), cannot create files (good),
> but can modify (write) existing files (bad!)
>
> ------- smb.conf -------
>
> [native6-stuff]
>    path = /native6-stuff
>    valid users = write1 write2 write3 reader1
>    guest ok = no
>    read-list = reader1
>    write-list write1 write2 write3
>    force group = writers
>    public = no
>    writable = yes
>    printable = no
>    create mask = 0664
>    directory mask = 0664
>
> ------------ end -----------
>
> The directory permissions are set so that the three writers are all in the
> "writers" group, so the share ends up with files owned by the various three
> writers, who can all modify each other's files (group privs are read/write),
> and the file and directory permissions grant "world" readership.
>
> I want it to allow the three named writers to write, and other Samba users
> to list directories and read files only.  I want other people on the
> network - people with no valid Samba account at all - to have no access at
> all.
>
> I obviously have something wrong.  Any hint would make my day.  Thanks
>
> ----------------------------------------------------
> John Spence, CCSI, CCNA, CISSP
> Native6, Inc.
> IPv6 Training and Consulting
> [hidden email]
> www.native6.com
> ----------------------------------------------------

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
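
An added example, not part of the original thread and not the share-ACL approach recommended in the reply: one smb.conf stanza that meets the stated goal (three named writers, read-only for every other authenticated Samba user, nothing for anyone else). The share name, path and group are taken from the quoted post; the rest is a constructed illustration using parameters documented in smb.conf(5).

```ini
# Constructed example. smb.conf comments must sit on their own line;
# a trailing "# ..." after a value becomes part of the value.

[native6-stuff]
   path = /native6-stuff

# No guest access: a connection needs a valid Samba account.
# "valid users" is left out so that any authenticated user may connect.
   guest ok = no

# Read-only is the default for everyone who authenticates ...
   read only = yes

# ... and members of the UNIX group "writers" are raised to read-write.
# The documented spelling is "write list" (with a space and an "="),
# not "write-list"; the same holds for "read list".
   write list = @writers

# Plain "force group = writers" puts EVERY connecting user in that group,
# which hands readers the group write bit on existing 0664 files.
# The "+" prefix applies the group only to users who are already members.
   force group = +writers

# Files stay group-writable so the writers can edit each other's files.
   create mask = 0664

# Directories need the execute bit to be listed and traversed.
   directory mask = 0775

   printable = no
```

Run `testparm` after editing: it parses the file and reports parameter names it does not recognise.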