LinuxQuestions.org
Old 12-14-2011, 07:20 AM   #1
golden_boy615
Member
 
Registered: Dec 2008
Distribution: Ubuntu Fedora
Posts: 445

Rep: Reputation: 18
how to set different permission for sub directories of a samba shared folder


Hello,
I want to have different permissions on the subdirectories of a Samba share, but I don't know how.
This is my smb.conf file:
Quote:
[global]
workgroup = DM-DOMAIN
netbios name = DM
server string = DM File Server
enable privileges = yes
interfaces = lo,eth0,eth1,eth2
bind interfaces only = Yes
passdb backend = ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi
ldap ssl = Off
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
vfs objects = full_audit
full_audit:success = connect opendir open disconnect unlink mkdir rmdir rename
full_audit:failure = none
smb ports = 137 138 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
wins support = Yes
dns proxy = Yes
ldap suffix = dc=DM,dc=dm,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=ebox,dc=DM,dc=dm,dc=com
map acl inherit = Yes
printing = cups


[Archive]
comment = Archive
path = /home/samba/shares/Archive
valid users = "mir", "dan", @"Archive", @"Managers"
read list =
write list = "mir", "dan", @"Archive"
admin users = @"Managers"
read only = No
browseable = Yes
force create mode = 0440
force directory mode = 0660
vfs objects = full_audit recycle
recycle: versions = Yes
recycle: repository = /home/.Recycles/%U/%I_%S_%T_RecycleBin
recycle: keeptree = Yes
recycle: excludedir = /tmp|/var/tmp
recycle: directory_mode = 0700
The /home/samba/shares/Archive folder has three subdirectories named sub1, sub2 and sub3. I want the mir user to have no access to sub1 but read permission to sub2 and read/write permission to sub3, and the dan user to have read/write access to sub1 but read permission to sub2 and no access permission to sub3. (mir and dan are my network users, not local users.)
For more information about my filesystem: all of my shares are under home/samba/shares/, and /home is not an independent partition on the filesystem; it is a folder under / .
My fstab is:
Quote:
root@DM:~# cat /etc/fstab
proc /proc proc nodev,noexec,nosuid 0 0
/dev/mapper/isw_jaccaghaj_DM1 / ext4 errors=remount-ro,usrquota,grpquota,acl 0 1
/dev/mapper/isw_jaccaghaj_DM5 none swap sw 0 0
My mount points are:
Quote:
root@DM:~# mount
/dev/mapper/isw_jaccaghaj_DM1 on / type ext4 (rw,errors=remount-ro,usrquota,grpquota,acl)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
/etc/hylafax on /var/spool/hylafax/etc type none (rw,bind)
and:
Quote:
root@DM:~# ls /home/samba/shares/Archive -lh
total 24K
drwxrwxr-x+ 2 dan __USERS__ 4.0K 2011-12-14 14:13 sub1
drwxrwxr-x+ 2 dan __USERS__ 4.0K 2011-12-14 16:26 sub2
drwxrwxr-x+ 2 dan __USERS__ 4.0K 2011-12-14 16:27 sub3
What is the solution for this?
What should I do, step by step?
 
Old 12-14-2011, 03:26 PM   #2
angel115
Member
 
Registered: Jul 2005
Location: France / Ireland
Distribution: Debian mainly, and Ubuntu
Posts: 539

Rep: Reputation: 79
At first glance I would say that what you want to do is not possible; you will need to mount it several times and set the rights at mount time.

But I can be wrong.
 
Old 12-15-2011, 07:09 AM   #3
golden_boy615
Member
 
Registered: Dec 2008
Distribution: Ubuntu Fedora
Posts: 445

Original Poster
Rep: Reputation: 18
I think you are absolutely wrong, because Windows has the same thing and I think Linux has to have something even more powerful.
Anybody, any other solution?
 
Old 12-15-2011, 09:58 AM   #4
KillaSmooth
LQ Newbie
 
Registered: Apr 2011
Posts: 22

Rep: Reputation: 1
This looks like you have four (4) shares. The Archive directory and the three "Sub" directories. If you add the other three definitions in your smb.conf file:

[Archive]
comment = Archive
path = /home/samba/shares/Archive
valid users = "mir", "dan", @"Archive", @"Managers"
...

[Sub1]
comment = Sub1
path = /home/samba/shares/Archive/sub1
valid users = "dan", @"Archive", @"Managers"
read list = "dan"
write list = "dan", @"Archive", @"Managers"
...

[Sub2]
comment = Sub2
path = /home/samba/shares/Archive/sub2
valid users = "mir", "dan", @"Archive", @"Managers"
read list = "mir", "dan"
write list = @"Archive", @"Managers"
...

[Sub3]
comment = Sub3
path = /home/samba/shares/Archive/sub3
valid users = "mir", @"Archive", @"Managers"
read list = "mir"
write list = "mir", @"Archive"
...

etc,
By adding the other three "share definitions", you should get the results that I think you're looking for.
 
Old 12-15-2011, 01:13 PM   #5
golden_boy615
Member
 
Registered: Dec 2008
Distribution: Ubuntu Fedora
Posts: 445

Original Poster
Rep: Reputation: 18
No, no, no, I do not want to add other shares in Samba. I know that and I can do that, but I didn't mean that. Please, if you do not know the answer, do not answer, because it causes the others not to read and answer my question.
 
Old 12-15-2011, 01:46 PM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680
Samba has to obey Linux permissions, which include using ACLs. Look up the manpage for setfacl. The examples on the bottom are easier to follow than the description.

This article covers using Linux ACLs, and also enabling NT ACL support in samba:
http://aisalen.wordpress.com/2007/08/10/acls-on-samba/

One of the first things I discovered, if you use default acls, is you need both a default ACL (for inheritance of new subdirectories) and a normal ACL on the same directory as well.

Another thing not to miss in the article is that you need to add "acl" as a mount option for the filesystem. The filesystem needs to support ACLs. Ext3 and Ext4 do.

Hope this helps.

Last edited by jschiwal; 12-15-2011 at 01:49 PM.
 
1 members found this post helpful.
Old 12-16-2011, 03:04 AM   #7
golden_boy615
Member
 
Registered: Dec 2008
Distribution: Ubuntu Fedora
Posts: 445

Original Poster
Rep: Reputation: 18
Quote:
Another thing not to miss in the article is that you need to add "acl" as a mount option for the filesystem. The filesystem needs to support ACLs. Ext3 and Ext4 do.
Do you mean that I have to add something in my fstab to support acl? And if my filesystem is ext3 or ext4, it does not need it?
 
Old 12-16-2011, 03:18 AM   #8
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680
You need to add "acl" in the options field in /etc/fstab.
 
Old 12-16-2011, 05:44 AM   #9
zQUEz
Member
 
Registered: Jun 2007
Distribution: Fedora, RHEL, Centos
Posts: 294

Rep: Reputation: 54
The OP originally posted
Quote:
/dev/mapper/isw_jaccaghaj_DM1 on / type ext4 (rw,errors=remount-ro,usrquota,grpquota,acl)
which reports "acl" is already turned on for the "/" mount. I don't see any other mounts that would refer to /home/... so it looks like acl is on.

All you need to do then is use the "setfacl" command to apply the permissions.
dan and mir should be in a standard Linux group that allows them at least "x" access to /home/samba/shares/Archive, but assuming neither dan nor mir is in standard Linux groups that would allow them any access to /home/samba/shares/Archive/sub* (hence satisfying the requirement where they aren't allowed access), the following should give them access where they need it:
Code:
# Capital X grants search (execute) on directories only, so they can be entered.
setfacl -m u:mir:rwX -R /home/samba/shares/Archive/sub3
setfacl -m u:mir:rX -R /home/samba/shares/Archive/sub2

setfacl -m u:dan:rwX -R /home/samba/shares/Archive/sub1
setfacl -m u:dan:rX -R /home/samba/shares/Archive/sub2
Please refer to the man pages for setfacl and getfacl for additional details.

Last edited by zQUEz; 12-16-2011 at 05:46 AM.
 
1 members found this post helpful.
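An added check, not code from any post in this thread: it parses getfacl-style text and applies the POSIX ACL evaluation order (owner, named user, groups, other) to compare each user's effective directory access with the access matrix from the original question. The sample ACL text, the root owner/group and the names INTENT, parse_getfacl, effective and audit are assumptions made for the example.

```python
# Intended directory access from the original question ("read" on a
# directory means r-x, "read/write" means rwx, "no access" means ---).
INTENT = {"sub1": {"mir": "---", "dan": "rwx"},
          "sub2": {"mir": "r-x", "dan": "r-x"},
          "sub3": {"mir": "rwx", "dan": "---"}}

def _dump(name, entries):
    # Build getfacl-style text; owner/group root is an assumption.
    return f"# file: {name}\n# owner: root\n# group: root\n" + "\n".join(entries)

# Constructed sample, not taken from the thread's server.
SAMPLE = "\n\n".join([
    _dump("sub1", ["user::rwx", "user:dan:rwx", "group::---", "mask::rwx", "other::r-x"]),
    _dump("sub2", ["user::rwx", "user:mir:r-x", "user:dan:r-x", "group::---", "mask::r-x", "other::---"]),
    _dump("sub3", ["user::rwx", "user:mir:rw-", "group::---", "mask::rw-", "other::---"]),
])

def parse_getfacl(text):
    acls = {}
    for block in text.strip().split("\n\n"):
        acl = {"entries": []}
        for line in block.splitlines():
            if line.startswith("# "):          # "# file:", "# owner:", "# group:"
                key, _, value = line[2:].partition(": ")
                acl[key] = value
            elif line.strip() and not line.startswith("default:"):
                acl["entries"].append(tuple(line.split("#")[0].strip().split(":")))
        acls[acl["file"]] = acl
    return acls

def _masked(perms, mask):
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))

def effective(acl, user, groups=()):
    """Per-bit result of the POSIX ACL check order: owner, named user, groups, other."""
    get = lambda tag, q="": [p for t, qual, p in acl["entries"] if (t, qual) == (tag, q)]
    mask = (get("mask") or ["rwx"])[0]
    if user == acl["owner"]:
        return get("user")[0]
    if get("user", user):                      # named entry wins over group/other
        return _masked(get("user", user)[0], mask)
    hits = [p for g in groups for p in get("group", g)]
    hits += get("group") if acl["group"] in groups else []
    if hits:                                   # group class never falls through to other
        return "".join(c if any(c in _masked(p, mask) for p in hits) else "-" for c in "rwx")
    return get("other")[0]

def audit(text, intent=INTENT):
    acls = parse_getfacl(text)
    return [(d, u, want, effective(acls[d], u))
            for d, users in intent.items() for u, want in users.items()
            if effective(acls[d], u) != want]

print(audit(SAMPLE))
```

On the constructed sample the audit reports two mismatches: mir still reaches sub1 through the `other::r-x` entry, and mir's `rw-` entry on sub3 lacks the search bit needed to enter the directory.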
Old 12-16-2011, 11:19 AM   #10
KillaSmooth
LQ Newbie
 
Registered: Apr 2011
Posts: 22

Rep: Reputation: 1
Agreed.
Since "acl" is enabled, what zQUEz posted will work.

You can also do this without using "acl":
By setting permissions on the directory(s) itself. Please read the man pages on "chown":

make mir owner of Sub3
make dan owner of Sub1

if mir and dan are in a group, make their group owner of Sub2. Otherwise, create a group and put dan and mir in that group; assign this group as owner of Sub2.

Give your permissions to the directories.

Please read the man pages on "chmod"

If these are the only two (users) associated with these Sub-directories, then just making them the owners makes sense to me. Then you can just restrict permissions from others.

ie.

root@DM:~# ls /home/samba/shares/Archive -lh
total 24K
drwx------ 2 dan __USERS__ 4.0K 2011-12-14 14:13 sub1
dr-xr-x--- 2 danANDmir danANDmir 4.0K 2011-12-14 16:26 sub2
drwx------ 2 mir __USERS__ 4.0K 2011-12-14 16:27 sub3

Otherwise, just setting the acl on the directory as previously stated.
 
1 members found this post helpful.
Old 12-16-2011, 06:54 PM   #11
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680
I confess I missed the 'acl' option on the fstab listing.
 