LinuxQuestions.org


baronobeefdip 10-06-2011 10:52 AM

How do I grant permissions to Samba users
 
We want to set up a Samba share where a certain user has permission to write, browse and read the share, while we have other users that have permission to read and browse but not write. Is this possible, and how do I go about doing it?

T3RM1NVT0R 10-06-2011 01:21 PM

@ Reply
 
You can use ACLs to achieve this. Here is what you have to do:

1. Create one group, say sharerw, and add the users who will require read and write access.
2. Create another group, say sharero, and add the users who will require read-only access.
3. Use the setfacl command to set up these groups on the folder with the required permissions. Do "man setfacl" to get more information on this command. It is quite easy.
4. In your Samba configuration file, make the share browseable and make these groups allowed to access this share.
5. Restart Samba.
6. When a user from either group accesses the Samba share, the permissions already set will apply to them.

baronobeefdip 10-07-2011 10:40 AM

Well, I am at a standstill here. This doesn't do me much good since you never told me how to add groups, and I can't find a straight and simple answer on how to make a group, let alone adding users to it, changing the group's permissions and adding the group to a Samba share. I looked everywhere on the net and I now don't know what to do.

T3RM1NVT0R 10-07-2011 02:28 PM

@ Reply
 
If you had searched the internet for the things that I have listed, I am quite sure you would have found the information. Anyway, here is how you can do it:

1. Create groups, one for read-only access and one for read and write access:

Code:

groupadd sharerw
# The above group will later be configured with an ACL to give its users read and write access.

Code:

groupadd sharero
# The above group will later be configured with an ACL to give its users read-only access.

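2. Add users who require read and write access to the sharerw group. The following is the command:

Code:

# -a appends to the user's existing groups; -G alone would replace them
usermod -a -G sharerw username

3. Add users who require read-only access to the sharero group. The following is the command:

Code:

# -a appends to the user's existing groups; -G alone would replace them
usermod -a -G sharero username
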
4. Set the ACL on your share directory. Suppose your share directory is under /. To set up the sharerw group to have read and write access to /share, run the following command:

Code:

setfacl -R -m g:sharerw:rwx /share

To set up the sharero group to have read-only access to /share, run the following command:

Code:

setfacl -R -m g:sharero:r-x /share

5. In the Samba configuration file, under your share configuration, you can put the following lines:

Code:

writable = yes
valid users = @sharerw, @sharero

In the above configuration the users' file system permissions will be taken from the ACL. However, if you want to skip steps 4 and 5, then you can go with the following option:

4. Directly edit the Samba configuration file and put the following lines under your share configuration:

Code:

writable=yes
read list = @sharero
write list = @sharerw

I hope this helps.

Note: Make sure that you take a backup of the Samba configuration file before making any changes.

allend 10-07-2011 08:40 PM

This can also be done within a Samba share simply by using 'read only = yes' and 'write list = <user to have write access>'. e.g. http://oreilly.com/openbook/samba/book/ch06_02.html

baronobeefdip 10-08-2011 11:51 AM

Thanks allend, the creation of groups wasn't necessary for your technique and it was a lot easier.

jschiwal 10-09-2011 04:41 AM

Quote:

setfacl -R -m g:sharerw:rwx /share

You need to use both

setfacl -R -m g:sharerw:rwx /share

and

setfacl -R -m d:g:sharerw:rwx /share

The ACL setting needs to be set for the directory itself, and then for the default settings, so the sharerw group will have these permissions for files created later.
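
Added example (not part of the thread): a check for the gap described in the post above, where a group has an access ACL entry on /share but no default entry, so files created later do not inherit it. The helper name `acl_gaps` and the sample `getfacl` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. acl_gaps is a hypothetical helper name.
# Reads `getfacl` text on stdin; arguments are GROUP:PERMS pairs.
# Prints one line per expected entry that is absent, nothing if all are present.
# On a live system: getfacl /share | acl_gaps sharerw:rwx sharero:r-x
acl_gaps() {
    awk -v wants="$*" '
        BEGIN { n = split(wants, w, " ") }
        {
            # Keep only the entry itself; getfacl may append "#effective:..."
            split($0, f, /[ \t]+/)
            seen[f[1]] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                access = "group:" w[i]
                dflt = "default:" access
                if (!(access in seen)) print "missing " access
                if (!(dflt in seen)) print "missing " dflt
            }
        }'
}

# Constructed getfacl output for /share after running only the two
# "setfacl -R -m g:..." commands, without the d:g: (default) entries.
sample_access_only() {
    cat <<'EOF'
# file: share
# owner: root
# group: root
user::rwx
group::r-x
group:sharerw:rwx
group:sharero:r-x
mask::rwx
other::r-x
EOF
}

# Reports both default entries as missing, which is why new files in the
# share would not carry the group permissions.
sample_access_only | acl_gaps sharerw:rwx sharero:r-x
```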

T3RM1NVT0R 10-09-2011 08:09 AM

@ Reply
 
@ jschiwal

Yes, you are right, both will be required.

@ baronobeefdip

The only reason I suggested creating the groups is that they are easy to manage. In your first post you mentioned that there are certain users who require read-only access and certain users who require read and write access. In my opinion, when you are dealing with multiple users, groups come in handy.


All times are GMT -5.