Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I have a samba network with windows xp client, all settings are working and also it is been in live server status for the past 3 months, suddenly there is requirement of having a folder which should be accessed by 1 group of people as read only and 4 group as read/write, management wants to restrict a one particular group from writing / chaning any files or folder inside that particular folder, I tried the following and set it as 0775 mask and allowed group4 as a default group for that particular folder, also the group1 user will be there in group2 and group1 and 2 users added in group3 and all group 1,2 and 3 users added in group4. In this if any group going upwards create any folder or file inside this particular shared folder, the same group or higher than that can able to create or modify inside the folder created by that particular folder. I can not give 0777 access to this folder because there is a group which I have to have restrict from creating or modifying anything inside of it but readonly.
The smb.conf file sharing configuration details is pasted below.
Check if your distribution supports ACLs - Linux ACLs are similar enough to Windows to be easy to work out, but not all distributions include support for them. If yours does then you can assign different permissions to different groups with the setfacl utility.
Thanks for your kind reply, could you please explain me with an example to change the ACL of a Folder in linux for a group, let say group1, also I found setfacl utility is available in my RedHat Linux 9 server, but I'm not able to manipulate any options with this command.
Many thanks for your reply, meanwhile I tried some set Group Id option in permission tab of folder properties, it is serve my purpose, for better understanding and future precautionary act for these kind of problem your valid information will be useful.