Solved

Nested shares in SAMBA?

Posted on 2002-04-24
4
618 Views
Last Modified: 2008-02-01
I have a share(let's call it myshare), with a "force group" of "userset1"(userset1 is a group that has usera and userb and userc), and directory mask 770, and allowed users "userset1". This works well, but now I want to further restrict a directory(let's call it restricteddir) that's inside myshare, to only allow userb and userc to access it(and not usera). So I created a unix group called userset2, and placed userb and userc inside of it. Then I reset ownership on  restricteddir to be owned by the group userset2. This works fine too...The only thing I'm afraid of is what happens if userb(or userc) decides to rename restrictedir. Since the force group is userset1, won't it reset the group ownership to userset1? If so restricteddir won't be restricted any more....So I'm looking for a more graceful solution. I've thought of creating two shares:
1. Path: /mydrive/myshare  ShareName: myshare
2. Path: /mydrive/myshare/restricteddir Sharename: Myshare2(or whatever)
Would this work? Can shares be nested like this? Would the permissions on share #2 override permissions on share 1 for the restricteddir directory?
0
Comment
Question by:tibori
  • 2
4 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 75 total points
ID: 6967829
renaming (using mv) does not change group ownership

If you want that each directory gets a special group, nevertheless which user creates it, set the group's s-bit, like:

     mkdir myshare
     chgrp group2 myshare
     chmod g+s myshare

now, every user which is allowed to write into myshare, can create files and dirs, and they automatically have group group2
0
 
LVL 3

Author Comment

by:tibori
ID: 6969925
Does this interfere with samba's force group(being a different group)?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6969987
yes and no, depends on your point of view.
The forced group must be a /etc/group too, and so the rules for this group apply for filesystem operations done by Samba.
0
 

Expert Comment

by:CleanupPing
ID: 9078505
tibori:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This video discusses moving either the default database or any database to a new volume.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now