Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Nested shares in SAMBA?

Posted on 2002-04-24
4
Medium Priority
?
648 Views
Last Modified: 2008-02-01
I have a share(let's call it myshare), with a "force group" of "userset1"(userset1 is a group that has usera and userb and userc), and directory mask 770, and allowed users "userset1". This works well, but now I want to further restrict a directory(let's call it restricteddir) that's inside myshare, to only allow userb and userc to access it(and not usera). So I created a unix group called userset2, and placed userb and userc inside of it. Then I reset ownership on  restricteddir to be owned by the group userset2. This works fine too...The only thing I'm afraid of is what happens if userb(or userc) decides to rename restrictedir. Since the force group is userset1, won't it reset the group ownership to userset1? If so restricteddir won't be restricted any more....So I'm looking for a more graceful solution. I've thought of creating two shares:
1. Path: /mydrive/myshare  ShareName: myshare
2. Path: /mydrive/myshare/restricteddir Sharename: Myshare2(or whatever)
Would this work? Can shares be nested like this? Would the permissions on share #2 override permissions on share 1 for the restricteddir directory?
0
Comment
Question by:tibori
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 300 total points
ID: 6967829
renaming (using mv) does not change group ownership

If you want that each directory gets a special group, nevertheless which user creates it, set the group's s-bit, like:

     mkdir myshare
     chgrp group2 myshare
     chmod g+s myshare

now, every user which is allowed to write into myshare, can create files and dirs, and they automatically have group group2
0
 
LVL 3

Author Comment

by:tibori
ID: 6969925
Does this interfere with samba's force group(being a different group)?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6969987
yes and no, depends on your point of view.
The forced group must be a /etc/group too, and so the rules for this group apply for filesystem operations done by Samba.
0
 

Expert Comment

by:CleanupPing
ID: 9078505
tibori:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question