[ale] Samba...success!!!! and........permissions help!

Jonathan Glass jonathan.glass at ibb.gatech.edu
Tue Oct 14 23:26:40 EDT 2003


Keith Morris wrote:

>Hi all...the eternal lurking newbie checking in again...
>
>At work we have been having trouble with one particular W2K server in
>our Active Directory (blech) going bonkers on a single share (a very
>important share) so I have been touting setting up a Samba 3.0 server...
>
>Well, for proof of concept, I set up a Samba 3.0 server on an old
>Pentium Pro 200 with 64MB of ram on RH 9 and it COMPLETELY SMOKED the
>1GHz 512MB W2K server in performance....
>
>...as an aside....for a newbie, it ain't a whole lot of fun getting
>kerberos5 authentication to a Native Windows Active Directory to work,
>but it DOES work...
>
>Anyway, to my problem...
>
>Permissions... NTFS and unix permissions are completely different
>(duh).  Let's say I have an entire group of designers in group
>"InteractiveGroup" and I have sales people in "SalesGroup".  How do I
>set permissions on a samba share (as well as file create masks) so that
>the InteractiveGroup has Read+Write permissions on the share and the
>SalesGroup only has read permissions?
>
>This is the last step toward infiltrating our first Linux server into an
>exclusively windows house...
>
>Any help would be greatly appreciated.
>
>Keith Morris
>Creative Director
>Design / Effects
>IQ Television Group
>http://www.iqtv.com
>
>
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>  
>

Hmm.. Let's see.  You need two groups of users.  Do these groups already 
exist in the domain?  If so, then use the @GROUPNAME feature to limit 
users to a share. 

If not, you can create these groups with samba, but that's another email.

This is off the top of my head, so it may not be exactly right, but it 
should be close.

smb.conf
[SpecialShare]
    path = /home/bar
    read only = yes
    write list = @InteractiveGroup
    valid users = @InteractiveGroup, @SalesGroup
#  the browseable flag will make the share visible or not visible
#  whenever someone double-clicks on the server in network neighborhood
;    browseable = no

HTH

Jonathan Glass
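
Added example, not part of Jonathan Glass's reply and not Samba's own code: a small Python model of how `valid users`, `read only` and `write list` in the share above combine into one share-level access result per user. The user names, the group membership table and the helper function names are constructed for illustration.

```python
import re

# Constructed sample: the share definition from the reply, comments removed.
SMB_CONF = """
[SpecialShare]
    path = /home/bar
    read only = yes
    write list = @InteractiveGroup
    valid users = @InteractiveGroup, @SalesGroup
"""

# Constructed group membership; on a real server this comes from the domain.
GROUPS = {"InteractiveGroup": {"alice"}, "SalesGroup": {"bob"}}

def parse_share(text, share):
    """Return the parameters of one [share] section as a dict."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or smb.conf comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == share and "=" in line:
            key, value = line.split("=", 1)
            # Normalise key case and inner whitespace ("Read  Only" -> "read only").
            params[" ".join(key.lower().split())] = value.strip()
    return params

def in_list(user, value, groups):
    """True if user matches a plain name or an @group entry in a user list."""
    entries = re.split(r"[,\s]+", value.strip())
    return any(e == user or (e.startswith("@") and user in groups.get(e[1:], set()))
               for e in entries)

def share_access(user, params, groups):
    """Return 'none', 'read' or 'write' for user at the share level."""
    valid = params.get("valid users", "")
    if valid and not in_list(user, valid, groups):
        return "none"                        # not allowed to connect at all
    read_only = params.get("read only", "yes").lower() in ("yes", "true", "1")
    if not read_only or in_list(user, params.get("write list", ""), groups):
        return "write"                       # write list overrides read only = yes
    return "read"

if __name__ == "__main__":
    share = parse_share(SMB_CONF, "SpecialShare")
    for name in ("alice", "bob", "carol"):   # carol is in neither group
        print(name, share_access(name, share, GROUPS))
```

Samba also enforces the Unix permissions on the share path, so the directory itself must be writable by the writing group for the `write` result to hold on disk.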


