Samba Permissions Help!

carlosinfl · 05-18-2007, 02:50 PM

I have a problem I can't fix using Samba and I am fairly sure this is a permissions issue. Here is a samba server and I don'

Code:

[root@fback /]# pwd
/
[root@fback /]# ls -l
total 80
drwxr-xr-x   2 root root   3072 Feb 24 04:02 bin
drwxr-xr-x   4 root root   1024 Apr 20 16:31 boot
drwxrws---   8 root admin  4096 May 15 08:31 data
drwxr-xr-x   9 root root   4640 Apr 20 16:42 dev
drwxr-xr-x  68 root root   7168 May 18 15:06 etc
drwxr-xr-x  10 root root   4096 Apr  2 13:43 home
drwxr-xr-x   2 root root   1024 Feb 21  2005 initrd
drwxr-xr-x  11 root root   5120 Apr 21 04:02 lib
drwx------   2 root root  12288 Feb 23 16:13 lost+found
drwxr-xr-x   3 root root   1024 Apr 20 16:42 media
drwxr-xr-x   2 root root   1024 Aug 13  2006 misc
drwxr-xr-x   2 root root   1024 Feb 21  2005 mnt
drwxr-xr-x   2 root root   1024 Feb 21  2005 opt
dr-xr-xr-x  86 root root      0 Apr 20 12:41 proc
drwxr-x---   4 root root   1024 Mar  8 13:44 root
drwxr-xr-x   2 root root   9216 Mar  8 04:02 sbin
drwxr-xr-x   1 root root      0 Apr 20 12:41 selinux
drwxr-xr-x   2 root root   1024 Feb 21  2005 srv
drwxr-xr-x   9 root root      0 Apr 20 12:41 sys
drwxrwxrwt   4 root root   1024 May 18 14:31 tmp
drwxr-xr-x  15 root root   4096 Feb 23 21:15 usr
drwxr-xr-x  19 root root   1024 Feb 23 21:16 var
[root@fback /]# cd /data/
[root@fback data]# ls -l
total 56
drwxrws---   5 root facility  4096 May 11 14:00 facility
drwxrws---  15 root admin     4096 May 18 11:47 images
drwxrws---   8 root admin     4096 May 15 15:00 linux_iso
drwxrws---   2 root admin    16384 Feb 23 23:59 lost+found
drwxrws---  12 root admin     4096 May 17 11:12 software
drwxrws---   2 root admin     4096 Apr 23 14:35 training

As you can see /data is a owned by a group called "admin" and then there is a sub directory called facility that is owned by a group called "facility".

Now my Samba shares out to directories...

/data & /data/facility

\\fback\data should only rwxrwx---
\\fback\facility should only be rwxrwx---

Now members of the facility group can't read \\fback\facility unless they're members of the admin group because the facility folder is a sub of the /data folder who is owned by "admin" group.

Is there a way to make this work? I want people who are only a member of facility group to access /data/facility however not be able to access /data/*

Please help me...

BrianK · 05-18-2007, 03:41 PM

While I can't say with 100% certainty, I don't think it's possible the way you are going about it. If a directory is not readable to certain users, then everything in that directory is also not readable. If they don't have permission to get into a directory, they can't see the subdir to cd into it.

You might want to make the data directory rx by "facility", but the stuff you want to protect inside the data dir only readable by "admin". This means that everyone would be able to see the file names, but only ppl in the admin group could read them.