how to allow a single user to acces all other shared dir in samba fileserver

centos123 · 09-23-2011, 06:04 AM

hi
i need help in samba file server which is in my network.
it is accessed mainly by window xp/7 users.
i need to give one user full access over all samba shared dir.in a way that this user can acess other dir.but rest of user cannot access eachother dir.

my all samba share dir is protected with permission.so no other user can access with out password.

so what should i change in smb.conf so that particular user can access all share dir.

Felipe · 09-23-2011, 01:05 PM

Hallo:

One way can be using ACL:

1- When you configure Samba, in smb.conf, put:

Quote:

...
create mask = 0700
directory mask = 0700
inherit permissions = Yes
inherit acls = Yes
map acl inherit = Yes
...
[data]
comment = Share for data on the server....
path = /data
volume = data

Reload samba
# service smb reload

2- Enable ACL in the partition (if ext3, ext4) by modifying /etc/fstab

Quote:

Ex: For a partition /data
/dev/sdb1 /data ext4 acl,user_xattr

Remount the partition with:
mount -o remount /data ( or the partition we are going to use with ACL).

3- Assign permissions to folder and directories. Some samples (PLEASE, ARE SAMPLES, SO BE CAREFUL)

Quote:

- Allow whole access to user root and nothing to group and others
chown -R root: /data
chmod -R 700 /data

- Allow "folder1" and its content access for read to all users of domain.
setfacl -R -m g:"Domain Users":rx /data/folder1
setfacl -R -d -m g:"Domain Users":rx /data/folder1

- Allow "folder2" and its content access to all users of DA group "group2" for rw.
setfacl -R -m g:group2:rwx /data/folder2
setfacl -R -d -m g:group2:rwx /data/folder2

- Allow shared "/data" and its content whole access to a user of AD called "Administrator".
setfacl -R -m u:administrator:rwx /data
setfacl -R -d -m u:administrator:rwx /data

- See current ACL for folder1
getfacl /data/folder1

- Delete all ACL for folder2 and its content.
setfacl -R -b /data/folder2

The first line of each sample, applies to existing data. The second (with -d option), means default, what is going to be applied to new file/folders.

Is important to know that ACL are used for Samba Shares and Local access. So if a user connects to the machine using ssh, telnet, ... the same security is used.
In this way, what you really do is assigning permissions to the folders/files and say samba to use that security.

When I say "group" and "user" of domain, is possible that you have to put the domain of the user/group depending of the configuration of samba. So really, previous commands should be:

Quote:

setfacl -R -d -m g:DOMAIN\\group2:rx /data/folder2

with "DOMAIN" the name of the domain in AD.
Another way for changing permissions, is to use explorer from a Windows Client (if the users has the necessary rights, of course) as if it were a Windows Share.

Regards

centos123 · 09-24-2011, 12:03 AM

iam not using AD ...its just a samba server for sharing dir.

santosh.love36 · 09-24-2011, 12:21 AM

i am still trying how to configure samba server in centos but not getting success yar ,,, dnt know where i do changes in vi /etc/samab/smb.conf

lithos · 09-24-2011, 03:51 AM

well, perhaps you need to install it first (yum install samba) ?

centos123 · 10-03-2011, 06:58 AM

iam already working on samba ...centos os...
my smb share is working fine..but i need some changes in with one user smb setting.i want to make one samba user as admin so that he can access all smb users shared dir and file.without password..prompt...
so is their is any way to provide such permission .............

Felipe · 10-10-2011, 04:05 PM

As I've told you, you can use ACL (are independent you use Active Directory/Ldap or not).

Give that user permission with ACL as the samples I've put (intead ofr "Domain user" will be root or admins...).