We have a Windows 2003 server here at work that is just a pure file sharing machine. I have been looking into replacing this with linux (Likely Debian or Ubuntu) running Samba. The question I have is this... Does Linux/Samba support the fine grained access control I can get in Windows. For example, I have a shared folder I let everyone map as their S: drive. In that folder there are several directories such as Accounting, CAD, Sales, etc... These folders are only accessable to users that belong to the corresponding groups I setup in Windows. On several occasions though (Such as our CAD folder) I have another group that just gets read-only permissions. Can I do this type of thing in Linux/Samba? Will Linux/Samba let me control files down to the user level... for example letting me give different access permission to a particular file based on the user?

Thank you for your time. I hope someone can give me some insight or even just point me into the right direction for more information.

This is no problem.
All nessesary stuff is controlled by the smb.conf.
Informations about that is a lot out in the I-net.

Look for "PDC samba" in a google search and you'll be fine.
Even if you don't want to use the CIFS/SMB for PDC they will explain how to organize the security modes with groups.
valid users = @cad

in this case @cad would mean that all users of the group cad are valid.

write list = @cad all users of the group would be able to write in this particular share

and so on....

scrips per machine, scripts per user everything is possible.

Thank you. I will do some more googling. Just out of curiousity, is there any good Samba web based admin tools you would suggest?

SWAT is a good SAMBA GUI tool.

Yes, you can do fine granular security controls.

HOWEVER, are you sure you want to lose the Windows Server 2003? There are some benefits you get that Samba cannot do. Mainly with Active Directory and deploying out group policies to your Windows machine. If you don't have enough machines to justify this, then SAMBA would be a good alternative. But again, if you have Windows server 2003 already with a purchased license, you might as well stick to it since you paid for it, and instead join another Linux SAMBA machine into the domain. Then you can have the best of both worlds.

For controlling access in the manner you suggest I would recommend using the native Linux user/group permissions. For example my shared drive in the smb.conf simply looks like

[shared]
comment = Shared network data
path = /shared
inherit acls = Yes
read only = No

I set up Linux users for each Windows user and then set the Linux permissions on the directories to restrict who does what.

Nothing against SWAT except you need to make a backup of your smb.conf file because swat will over write it.

Personally I think webmin is a bit better and if you're an admin you can perform just about any task you need from it.

I there.

I'm usualy choosing an Disto named IPBrick (http://vmn.pt/ipbrick/indexen.html) as Server Domain Controller witch is very user friendly.

It has an WebAdmin to manage almost all features we need in an server.

Recentely I've migradet hundreds of users (usernames, pws, e-mail addresses, etc) from a Windows Server 2003 to IPBrick in seconds, with a csv file exported from Windows and imported to Linux.

Give it a try, but note that it isn't free...

In my oppinion is the best Linux Distro to Sys Admin how want to start working with Linux Servers.

I hope this will help you!

Best regards,
bigmig