LinuxQuestions.org


garnser 07-17-2007 09:56 PM

Samba ACL issues
 
Hi.

I'm currently setting up an office with shares for each user. Obviously I want the IT team to have full access to all persons' shares when connecting using Windows.

What I've succeeded with so far:
  • Hook Samba into LDAP
  • Create a share (obviously)
  • Restricted the ACL access so only IT and the actual user can create and edit content in the user's folder

The problems I'm having:
  • When I, as an admin/user, create a file in a user's directory, the user/admin cannot read or edit the file

My config is as follows:
[backup]
comment = backup
path = /share/username1
valid users = username1, username2, username2
public = no
writable = yes
printable = no
create mask = 0770
browsable = yes

My ACL looks as follows:
# file: username1
# owner: username1
# group: it
user::rwx
user:username1:rwx
user:username2:rwx
group::rwx
mask::rwx
other::---

If I set my samba config to:
[backup]
comment = backup
path = /share/username1
valid users = username1, username2, username2
force group = it
force create mode = 0770
force directory mode = 0770
public = no
writable = yes
printable = no
create mask = 0770
browsable = yes


Everyone gets full access to everything.

Please advise.

jschiwal 07-17-2007 11:00 PM

You could use "write list = %u @it" where "it" is a group of IT users. You might want to have the share defined with the path containing a %u or %U user variable. There are other variables you can use. Using them you don't have to have a separate share defined for each user.
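
An added example, not part of the original thread: a small Python model of how the two smb.conf variants in the question turn into file modes and access. It assumes Samba's documented rule (requested mode ANDed with `create mask`, then ORed with `force create mode`), a constructed requested mode of 0766, and hypothetical primary groups for the two users.

```python
# Added illustration; primary groups and the requested mode are assumptions.
GETFACL = """\
# file: username1
# owner: username1
# group: it
user::rwx
user:username1:rwx
user:username2:rwx
group::rwx
mask::rwx
other::---
"""  # directory ACL as posted in the question
PRIMARY_GROUP = {"username1": "users", "username2": "it"}  # hypothetical


def has_default_acl(getfacl_text):
    """True if the directory has default: entries that new files would inherit."""
    return any(l.startswith("default:") for l in getfacl_text.splitlines())


def created_mode(requested, create_mask, force_create_mode=0):
    """Samba clears bits outside 'create mask', then ORs 'force create mode'."""
    return (requested & create_mask) | force_create_mode


def access(user, owner, group, mode, force_group=None):
    """Plain owner/group/other check; returns the rwx bits 'user' is granted."""
    user_group = force_group or PRIMARY_GROUP[user]  # 'force group' overrides
    if user == owner:
        return (mode >> 6) & 7
    if user_group == group:
        return (mode >> 3) & 7
    return mode & 7


def simulate(creator, reader, create_mask, force_create_mode=0, force_group=None):
    """Creator writes a file over SMB; return (file mode, bits the reader gets)."""
    if has_default_acl(GETFACL):
        raise ValueError("default ACL present; mode-bit model does not apply")
    group = force_group or PRIMARY_GROUP[creator]  # no setgid bit assumed
    mode = created_mode(0o766, create_mask, force_create_mode)  # 0o766 assumed
    return mode, access(reader, creator, group, mode, force_group)


if __name__ == "__main__":
    forced = {"force_create_mode": 0o770, "force_group": "it"}
    for label, kw in [("first config", {}), ("force group/mode", forced)]:
        for creator, reader in [("username2", "username1"), ("username1", "username2")]:
            mode, bits = simulate(creator, reader, 0o770, **kw)
            print(f"{label}: {creator} creates {oct(mode)}, {reader} gets {bits:03b}")
```

The model ignores supplementary groups and Samba's `inherit acls` and `inherit permissions` options, which are not set in the posted configuration.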

