• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 651
  • Last Modified:

Nested shares in SAMBA?

I have a share(let's call it myshare), with a "force group" of "userset1"(userset1 is a group that has usera and userb and userc), and directory mask 770, and allowed users "userset1". This works well, but now I want to further restrict a directory(let's call it restricteddir) that's inside myshare, to only allow userb and userc to access it(and not usera). So I created a unix group called userset2, and placed userb and userc inside of it. Then I reset ownership on  restricteddir to be owned by the group userset2. This works fine too...The only thing I'm afraid of is what happens if userb(or userc) decides to rename restrictedir. Since the force group is userset1, won't it reset the group ownership to userset1? If so restricteddir won't be restricted any more....So I'm looking for a more graceful solution. I've thought of creating two shares:
1. Path: /mydrive/myshare  ShareName: myshare
2. Path: /mydrive/myshare/restricteddir Sharename: Myshare2(or whatever)
Would this work? Can shares be nested like this? Would the permissions on share #2 override permissions on share 1 for the restricteddir directory?
0
tibori
Asked:
tibori
  • 2
1 Solution
 
ahoffmannCommented:
renaming (using mv) does not change group ownership

If you want that each directory gets a special group, nevertheless which user creates it, set the group's s-bit, like:

     mkdir myshare
     chgrp group2 myshare
     chmod g+s myshare

now, every user which is allowed to write into myshare, can create files and dirs, and they automatically have group group2
0
 
tiboriAuthor Commented:
Does this interfere with samba's force group(being a different group)?
0
 
ahoffmannCommented:
yes and no, depends on your point of view.
The forced group must be a /etc/group too, and so the rules for this group apply for filesystem operations done by Samba.
0
 
CleanupPingCommented:
tibori:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now