Solved

Folder sharing from Linux to Windows

Posted on 2001-08-03
7
204 Views
Last Modified: 2010-03-18
We have just installed a Linux file-server to replace a WinNT server. In Windows NT we had a directory structure with folders for home users and public folders for some important files. Every user has the only right to read/write his/her home folder and read the public folders. And the adminstrator has the right to access ALL folders in the system. But also you have the ability to give access to other users to a file or folder.

For example: User1, User2, User3, Administrator
-User1 has a folder called Folder1
-User2 has a folder called Folder2
-User3 has a folder called Folder3
-The system has 1 public folder called Public
-User1 can access Folder1 and Public
-User2 can access Folder2 and Public
-User3 can access Folder3 ans Public
-User1 cannot access Folder2 nor Folder3
-User2 cannot access Folder1 nor Folder3
-User3 cannot access Folder1 nof Folder2
-The User2 give User1 the privilege to read/write Folder2
-Now, User1 can read/write Folder2
-Administrator give User3 the ability of full access to all folders
-Now, User3 can access ALL folders in the system.
(Let's say that User3 is an Administrator also)

How can I do this in Linux? Because I can do all the directory structure but just the root can access all the folders and I need the ability to grant access to specific users to write in Public folders, the other users to read and to have some users that can access read/write ALL folders. Like in WINNT.

I'm using the lastest version of SAMBA and LINUX 7.0
0
Comment
Question by:conti
  • 3
  • 3
7 Comments
 
LVL 17

Expert Comment

by:dorward
ID: 6350284
I think you can use groups. (not sure though as I've never done it myself)

Give read and write permission to certain groups and add users to those groups. You might want a different group for each directory.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6351048
it's as dorward said: use UNIX groups.
just remove permissions on the folders for group and world, that's it.
With Samba (smb.conf) you can even more restrict access to (samba-)users, see man smb.conf (Keywords: guest ok, public, writable, browsable, create mask, valid users); probably this is enough to archieve what you need, but can only done by admins (of smb.conf)

BUT
 > The User2 give User1 the privilege to read/write Folder2
this is not possible with standard groups functionality, a user may just give permissions to a group or world, but not a specific user (except that user is the only member of a group).
If you realy need a permissions per user basis, you need ACLs for your filesystem on Linux too.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6351051
wait, AFAIK Samba can be configured such as a user may admin his share with his privileges, without requiering admin permissions.

Never tried it, but if you look at smb.conf, there is a include directive, so if you define your [homes] section like:

[homes]
  comment = user's private home
  include = /home/%U%/my-smb.conf

and /home/%U%/my-smb.conf is readable/writable by the (samba-)user only, and contains what you like here.

At least on dragon needs to be beated:
  after changing my-smb.conf by the user (or admin), the user must disconnect from Samba, so that due to the next connection the my-smb.conf is read again
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 

Author Comment

by:conti
ID: 6355811
So, there isn't a easy way to do this as in WinNT. The reason that I'm trying to do this is because the group of users save a lot of files in the File server, but sometimes some files have virus and I'm responsible of detecting those virus and removing them. But if (with my windows) I can't access all folders (without using root) then I cannot use an anti-virus program to scan all the files. In WinNT I had an anti-virus installed in the server and it scanned every weekend all the files, but with this I cannot do this (even if I install the anti-virus in other computer). Is this correct?
0
 

Author Comment

by:conti
ID: 6355997
Or, is there a way to give User1 the privileges that root has? at least for the folders?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 100 total points
ID: 6356049
solution for what you need (which is different to your example in the question) sound easy:

If admin is the user you want to be to start the AntiVirus software, then do following (for example):

/etc/passwd:
   admin:*:11110:11110:.....
   user1:*:11111:11111:.....
   user2:*:11112:11111:.....
   # and so on ..
/etc/group:
   admin:*:11110:
   people:*:11111:admin

Then make all your Folders owned by the users (user1, user2, etc.) and group people. Make the folders at least mode 770.
If you need that some users are not allowed to look at some other folders, you need to define several "people" groups ,  but keep in mind that this gets tricky (see my first comment).
You also may configure to allow several users to use sevaral folders in smb.conf shares (see my 1'st comment)
0
 

Author Comment

by:conti
ID: 6360550
Seems to be no easy solution for this. I appreciate your comments.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now