Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
We have a Windows 2003 server here at work that is just a pure file sharing machine. I have been looking into replacing this with linux (Likely Debian or Ubuntu) running Samba. The question I have is this... Does Linux/Samba support the fine grained access control I can get in Windows. For example, I have a shared folder I let everyone map as their S: drive. In that folder there are several directories such as Accounting, CAD, Sales, etc... These folders are only accessable to users that belong to the corresponding groups I setup in Windows. On several occasions though (Such as our CAD folder) I have another group that just gets read-only permissions. Can I do this type of thing in Linux/Samba? Will Linux/Samba let me control files down to the user level... for example letting me give different access permission to a particular file based on the user?
Thank you for your time. I hope someone can give me some insight or even just point me into the right direction for more information.
This is no problem.
All nessesary stuff is controlled by the smb.conf.
Informations about that is a lot out in the I-net.
Look for "PDC samba" in a google search and you'll be fine.
Even if you don't want to use the CIFS/SMB for PDC they will explain how to organize the security modes with groups.
valid users = @cad
in this case @cad would mean that all users of the group cad are valid.
write list = @cad all users of the group would be able to write in this particular share
and so on....
scrips per machine, scripts per user everything is possible.
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986
Rep:
SWAT is a good SAMBA GUI tool.
Yes, you can do fine granular security controls.
HOWEVER, are you sure you want to lose the Windows Server 2003? There are some benefits you get that Samba cannot do. Mainly with Active Directory and deploying out group policies to your Windows machine. If you don't have enough machines to justify this, then SAMBA would be a good alternative. But again, if you have Windows server 2003 already with a purchased license, you might as well stick to it since you paid for it, and instead join another Linux SAMBA machine into the domain. Then you can have the best of both worlds.
For controlling access in the manner you suggest I would recommend using the native Linux user/group permissions. For example my shared drive in the smb.conf simply looks like
[shared]
comment = Shared network data
path = /shared
inherit acls = Yes
read only = No
I set up Linux users for each Windows user and then set the Linux permissions on the directories to restrict who does what.
I'm usualy choosing an Disto named IPBrick (http://vmn.pt/ipbrick/indexen.html) as Server Domain Controller witch is very user friendly.
It has an WebAdmin to manage almost all features we need in an server.
Recentely I've migradet hundreds of users (usernames, pws, e-mail addresses, etc) from a Windows Server 2003 to IPBrick in seconds, with a csv file exported from Windows and imported to Linux.
Give it a try, but note that it isn't free...
In my oppinion is the best Linux Distro to Sys Admin how want to start working with Linux Servers.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.