Best way to manage groups
This might seem basic, but I need some advice on managing user access in groups.
I want one user to be in a group that will have very limited access. I want another user to have some access but not be as restricted as the first. Here's what I mean: UserA should have access to /multimedia, UserB should not. I created a group called admin and put UserA in it. Permissions on /multimedia were dwrxr-xr-x, so UserA had access. But so did UserB. When I change permission on /multimedia to dwrxr-x---, neither user has access. I did chown -R root:admin to /multimedia, but UserA is still denied access. Any clues? Basically how to give UserA access to /multimedia but keep UserB totally out? Thanks. |
If I was you I'd double-check everything to make sure it's the way you picture it. I say this because, AFAICT from reading your post, what you are trying to do should work fine. I've even done the same thing just now on my box to show you that it works:
Code:
win32sux@candystore:/tmp$ sudo groupadd example |
I kinda found the problem
Thanks for the quick reply.
I found out what the problem is. UserA is both a regular user and a Samba user. When UserA tries to access /multimedia in Linux, it works fine. When UserA tries to access /multimedia via a Windows machine, they're being told "You do not have permission". I've looked into it and it's a little more complex. I may have to set up a Samba ACL to allow UserA access via Samba. As it is, they do have access at the command line. Do you have any recommendations? I'll keep looking up Samba ACL's unless you have another suggestion. |
Quote:
But surely someone who does will chime-in any moment now. Hang in there. |
Have you added an entry in smb.conf for this user and directory?
Something like this would work: # A private directory, usable only by UserA. [some_share_name] comment = Share Name path = /multimedia valid users = UserA public = no writable = no restart smb after the change. |
That Worked!
Autocross, that seemed to work. I added that line to each Samba share, and UserA does have access. UserB (who only has shell access) does not. This is just how I wanted it set up.
Thanks a lot! |
All times are GMT -5. The time now is 03:22 PM. |