-   Linux - Server (
-   -   Samba veto-files option on an absolute path? (

fmillion 11-12-2011 02:19 AM

Samba veto-files option on an absolute path?
Is there any possible way to use the veto-files option in Samba to cause Samba to inhibit access to a specific absolute directory path?

The command as documented is more or less used as a pattern march against what I'm assuming is the last part of the directory. Like for example it'll say "veto-files = /readme/" will block all files named "readme".

I on the other hand want to restrict access to a specific directory on a specific share.

Let's say I have two shares: public and private. They are both sharing the same path, and both are using the "force user" option. (because I have a few different windows usernames and don't want to mess with Linux filesystem permissions/groups/etc.) However, on the public share I want a specific absolute path (or two) to be invisible to the user accessing the share and not writable or even accessible. So for example: "/mnt/share/Projects/PrivateFiles" should not be visible or accessible anyone using the Public share, but should be fully visible and writable to anyone using the Private share. However, if someone were to, on the Public share, create say /mnt/share/MyStuff/PrivateFiles I don't want that restricted at all. (This is why I want absolute paths.)

Aside from messing with directory permissions, umasks, all that jazz, is there a simple way to accomplish this?

Here's another example of why I might want to do this. Suppose I have the folder /mnt/share/mac which is being shared as a separate share for Mac systems. I also want Macs to have read/write access to the /mnt/share share but not to be able to spew their .DS_Store and all that stuff all over the place. veto-files lets me restrict this on the share hosting /mnt/share but it in turn makes any of those files invisible inside the /mnt/share/mac folder on that same share. In other words, on /mnt/share I want only the absolute paths (e.g. /mnt/share/.DS_Store and /mnt/share/.Trashes) to be blocked; I still want access to say /mnt/share/mac/.DS_Store.




All times are GMT -5. The time now is 08:23 AM.