Solved

Nested shares in SAMBA?

Posted on 2002-04-24
4
640 Views
Last Modified: 2008-02-01
I have a share(let's call it myshare), with a "force group" of "userset1"(userset1 is a group that has usera and userb and userc), and directory mask 770, and allowed users "userset1". This works well, but now I want to further restrict a directory(let's call it restricteddir) that's inside myshare, to only allow userb and userc to access it(and not usera). So I created a unix group called userset2, and placed userb and userc inside of it. Then I reset ownership on  restricteddir to be owned by the group userset2. This works fine too...The only thing I'm afraid of is what happens if userb(or userc) decides to rename restrictedir. Since the force group is userset1, won't it reset the group ownership to userset1? If so restricteddir won't be restricted any more....So I'm looking for a more graceful solution. I've thought of creating two shares:
1. Path: /mydrive/myshare  ShareName: myshare
2. Path: /mydrive/myshare/restricteddir Sharename: Myshare2(or whatever)
Would this work? Can shares be nested like this? Would the permissions on share #2 override permissions on share 1 for the restricteddir directory?
0
Comment
Question by:tibori
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 75 total points
ID: 6967829
renaming (using mv) does not change group ownership

If you want that each directory gets a special group, nevertheless which user creates it, set the group's s-bit, like:

     mkdir myshare
     chgrp group2 myshare
     chmod g+s myshare

now, every user which is allowed to write into myshare, can create files and dirs, and they automatically have group group2
0
 
LVL 3

Author Comment

by:tibori
ID: 6969925
Does this interfere with samba's force group(being a different group)?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6969987
yes and no, depends on your point of view.
The forced group must be a /etc/group too, and so the rules for this group apply for filesystem operations done by Samba.
0
 

Expert Comment

by:CleanupPing
ID: 9078505
tibori:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question