Nested shares in SAMBA?

Posted on 2002-04-24
Last Modified: 2008-02-01
I have a share (let's call it myshare), with a "force group" of "userset1" (userset1 is a group that has usera and userb and userc), and directory mask 770, and allowed users "userset1". This works well, but now I want to further restrict a directory (let's call it restricteddir) that's inside myshare, to only allow userb and userc to access it (and not usera). So I created a Unix group called userset2, and placed userb and userc inside of it. Then I reset ownership on restricteddir to be owned by the group userset2. This works fine too... The only thing I'm afraid of is what happens if userb (or userc) decides to rename restricteddir. Since the force group is userset1, won't it reset the group ownership to userset1? If so, restricteddir won't be restricted any more... So I'm looking for a more graceful solution. I've thought of creating two shares:
1. Path: /mydrive/myshare  ShareName: myshare
2. Path: /mydrive/myshare/restricteddir Sharename: Myshare2(or whatever)
Would this work? Can shares be nested like this? Would the permissions on share #2 override permissions on share 1 for the restricteddir directory?
Question by:tibori

Accepted Solution

by:ahoffmann (earned 75 total points)
ID: 6967829
Renaming (using mv) does not change group ownership.

If you want each directory to get a special group, regardless of which user creates it, set the group's s-bit, like:

     mkdir myshare
     chgrp group2 myshare
     chmod g+s myshare

Now every user who is allowed to write into myshare can create files and dirs, and they automatically have group group2.
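The two filesystem behaviours described in the answer above (a rename keeps group ownership, and a setgid directory passes its group to new entries), as an added example that is not part of the original thread. It works on a constructed tree in a temporary directory and does not involve Samba; the helper names `gid_of`, `has_setgid`, `audit_restricted` and `demo_restricteddir` are hypothetical, and it assumes the current user can use one of its own groups for the restricted directory.

```shell
#!/bin/sh
# Added example: directory names mirror the thread; the tree itself is constructed.

# Print the numeric group id of a path (parsed from `ls -ldn`, field 4).
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# Succeed if the path has the setgid bit (7th char of the mode string is s or S).
has_setgid() {
    case "$(ls -ldn "$1" | cut -c7)" in s|S) return 0 ;; *) return 1 ;; esac
}

# Audit helper: succeed only if DIR has gid $2, the setgid bit, and no access for "other".
audit_restricted() {
    [ "$(gid_of "$1")" = "$2" ] || return 1
    has_setgid "$1" || return 1
    [ "$(ls -ldn "$1" | cut -c8-10)" = "---" ] || return 1
}

# Build a throwaway tree, rename the restricted directory, create content in it, and
# print: gid_before gid_after_rename gid_new_file gid_new_subdir subdir_setgid audit
demo_restricteddir() {
    root=$(mktemp -d) || return 1
    dir="$root/myshare/restricteddir"
    mkdir -p "$dir"
    # Assumption: use a supplementary group of the current user so the restricted
    # group differs from the primary one; otherwise the primary group is kept.
    for g in $(id -G); do
        [ "$g" != "$(id -g)" ] && chgrp "$g" "$dir" 2>/dev/null && break
    done
    chmod 2770 "$dir"                    # rwxrws---: group-only access plus setgid
    before=$(gid_of "$dir")
    mv "$dir" "$root/myshare/renamed"    # a rename does not touch ownership
    dir="$root/myshare/renamed"
    after=$(gid_of "$dir")
    : > "$dir/newfile"                   # new file takes the directory's group
    mkdir "$dir/newsub"                  # new subdirectory also inherits setgid
    sub_sgid=no; has_setgid "$dir/newsub" && sub_sgid=yes
    audit=fail; audit_restricted "$dir" "$before" && audit=ok
    echo "$before $after $(gid_of "$dir/newfile") $(gid_of "$dir/newsub") $sub_sgid $audit"
    rm -rf "$root"
}
```

`audit_restricted` can be pointed at a real directory with the expected numeric gid to check that its group, setgid bit and lack of world access are still in place.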

Author Comment

by:tibori
ID: 6969925
Does this interfere with Samba's force group (being a different group)?

Expert Comment

by:ahoffmann
ID: 6969987
Yes and no, depends on your point of view.
The forced group must be a /etc/group too, and so the rules for this group apply for filesystem operations done by Samba.

Expert Comment

by:CleanupPing
ID: 9078505
tibori:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.