LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   How to use samba implementing some files can visible and some files can not visible (http://www.linuxquestions.org/questions/linux-server-73/how-to-use-samba-implementing-some-files-can-visible-and-some-files-can-not-visible-585182/)

willie118 09-16-2007 09:48 PM

How to use samba implementing some files can visible and some files can not visible
 
A files server on linux. I use the samba. security = ADS.

Many Windows PC access the server. There is a directory have 10 files.6 files some users, like guest, have no privilege to read it. how to hide the 6 file for some users?

If can not hide files for somebody, Forbid "Copy" is also ok.

Thanks

jschiwal 09-16-2007 11:44 PM

Is it only guest users that you don't want to read files. Do you want them to be forbidden from reading all the files in the share or only those 6 files. If it is only 6 files of many that certain users are not allowed to read, then I think you want to use nt acl's in windows or posix acls in Linux (setfacl) and use the option "nt acl support = yes".

It may be easier to put these files somewhere else like in their own directory and control access to the directory.

willie118 09-17-2007 12:36 AM

Quote:

Originally Posted by jschiwal (Post 2894231)
Is it only guest users that you don't want to read files. Do you want them to be forbidden from reading all the files in the share or only those 6 files. If it is only 6 files of many that certain users are not allowed to read, then I think you want to use nt acl's in windows or posix acls in Linux (setfacl) and use the option "nt acl support = yes".

It may be easier to put these files somewhere else like in their own directory and control access to the directory.

I'm very sorry to not explain clearly. I have used the ACL in Linux. If I set this 6 files someuses not allowed to read, users also can see it or copy it.

I want to forbid all user can not copy this 6 files except some user that have privilege. So I try to hide them, but not successful.

jschiwal 09-17-2007 03:06 AM

Create a group for the users allow to read the files, and make this group the owner. For the "security = domain" model, I think that you need to map this group to a Windows group. Scan through your servers smb.conf file. If there is an "add group script" and you use Windows NT domain administration tools, then you can use those tools to create a new group and do the mapping.

I don't think that you can make a file invisible for certain users, but you can restrict access.

You probably want to look and see if you have a samba-doc package. It contains 3 books including the Samba 3 Howto & Reference Guide. Look at the chapters starting with Chapter 12.

It may be possible that with your current configuration, you can log into the network with a network admin username/password and use the windows tools to create a new group, add users to the group, restrict access to the files to members of this group or to users using Windows ACLs.

I think you would save yourself a lot of work if this 6 files were located in a separate share and you used a samba access control list to control who has access to the share. For example, you could list the users in the "valid users =" parameter for that service.

I use "security = user" instead of domain, so I could have easily missed something that may be easier. Good Luck!

willie118 09-17-2007 04:32 AM

Very thank you for you reply. I could not forbid users access this 6 files, because there is a program must use this 6 file.
For example, the program is a MSN, it need 6 DLL files. A guest account can use MSN. so the guest account must has privilege to access this 6 DLL files.
But, I don't want the guest account copy the 6 DLL files to locate PC. Is the samba can forbid copy, but allow access ? Or, have other method solve this problem.

willie118 09-17-2007 08:49 PM

Is anybody can help me?
thanks.

jschiwal 09-17-2007 10:26 PM

The process of accessing them involves reading them. It is the same process so you can't do one and forbid the other.

willie118 09-18-2007 12:27 AM

Quote:

Originally Posted by jschiwal (Post 2895353)
The process of accessing them involves reading them. It is the same process so you can't do one and forbid the other.

I know.Thank you very much. I will attempt other.


All times are GMT -5. The time now is 09:48 AM.