LinuxQuestions.org
Old 04-21-2006, 09:33 AM   #1
MitchM99
Member
 
Registered: Jan 2003
Distribution: Gentoo(Server) Ubuntu(desktop/laptop)
Posts: 63

Rep: Reputation: 15
Integrating SAMBA share (w2k AD auth) and vsftp accounts


Hello,

First, thanks for taking the time to read this. I will try to provide as much detail as I can without writing a book.

My current setup: running SAMBA 3 with vsftpd on Ubuntu 5.10 SERVER. I installed krb5-user, winbind and SAMBA for w2k AD integration. I set up the share drive group to be a SECURITY group from AD, so my folder permissions are as follows: (user(?)/group(AD Group)/other). This locks down the share folder so only the people in that SECURITY group can see the share. Works great. The current folder setup is like this:

WebShare/
(several sub folders)/
Inbound/ and Outbound/
files below here

There will be several sub folders and each one will have an inbound and an outbound.

On top of this, they want to have a client from a bunch of offsite locations be able to upload and download files from the FTP server, with strict requirements of security on each subfolder from the root WebShare folder.

My issue here is I have no way to regulate folder/file permissions that the company puts into the SAMBA share folder (or at least none that I am aware of). For example, /WebShare/subfolderA/Inbound/ will need read/write FTP access. No issue: I set the user to the FTP user and set it to 670 (group needs full access and is the SECURITY GROUP). But my issue is the /WebShare/subfolderA/Outbound folder. This one will be set for read only, so I set "create mask = 470" in my smb.conf, as this will be the only place files should be written to on the share drive side of the house. Here is my caveat: when they create a folder/file in Outbound, the user gets set to the AD user that added it, thus kicking out my FTP user's ability to see the folder/file. I could run a CRON to constantly change this, but that's not the best practice.

I'm not 100% sure if the office SAMBA users can set the user on the folders from within Windows or not (I did install ACLs on that share drive), so this is the place where I am stuck. What are my options from here and how should I finish this up? I do have alternate means (ability to create a website for the upload process) and I currently have apache displaying the folders/files just fine on the web.

Can SAMBA and FTP work together like this, or are they SOL on this type of integration? Can I set multiple different permission schemes on those folders/files?

Thanks for the help

Mitch
 
Old 04-21-2006, 09:43 AM   #2
tomdkat
Member
 
Registered: May 2003
Location: S.F. Bay Area
Distribution: Ubuntu 9.04 AMD64
Posts: 595

Rep: Reputation: 30
I would take a look at vsftpd's config file and see if you can do any permissions magic through vsftpd. Also, read the vsftpd to see if there are additional directives you can specify to have permissions in vsftpd behave more like the Samba permissions you have set up.

One question: when someone creates a file/folder in "Outbound", how would they create it? Would they upload something via FTP or would "Outbound" be mapped as a Windows drive or something?

Peace...
 
Old 04-21-2006, 12:47 PM   #3
MitchM99
Member
 
Registered: Jan 2003
Distribution: Gentoo(Server) Ubuntu(desktop/laptop)
Posts: 63

Original Poster
Rep: Reputation: 15
Thanks for the response, all files/folders in Outbound are created by the SAMBA users via a Mapped windows drive.

Thanks
 
Old 04-21-2006, 01:38 PM   #4
tomdkat
Member
 
Registered: May 2003
Location: S.F. Bay Area
Distribution: Ubuntu 9.04 AMD64
Posts: 595

Rep: Reputation: 30
Ok, I think I understand your problem better. Let's confirm this.

A FTP user uploads a file to "Incoming" and on the Linux side the file looks like this:

-rw-rwx--- ftpuser security size date myfile.txt

Then someone puts a copy of myfile.txt in "Outgoing" and on the Linux side the file looks like this:

-r--rwx--- ADuser security size date myfile.txt

If that's right (or close), and if the FTP user account is the same, you can maybe have Samba set up to make the ftpuser id the owner for files stored in Outgoing. I've never configured Samba with AD before, but see if the "username map" function described in the smb.conf man page might help.

Peace...
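
Added example (not part of any post in this thread): a small Python check that evaluates the two listings from post #4 the way the kernel does, picking exactly one permission class per account, and walks a tree to report paths an account cannot read, as a verification step instead of a blind cron chown. The numeric ids are constructed, ftpuser is assumed not to be a member of the AD security group, and only plain mode bits are modelled (no POSIX ACLs).

```python
import os
import stat

# Constructed numeric ids; the thread gives only the names ftpuser, ADuser, security.
FTP_UID, AD_UID, SECURITY_GID = 1001, 10005, 10000
FTP_GIDS = {1001}  # assumption: ftpuser is not a member of the AD security group

def effective_bits(mode, st_uid, st_gid, uid, gids):
    """Return the rwx bits (0-7) the kernel applies to this account.

    Exactly one class is chosen: owner if the uid matches, else group,
    else other. Bits from the other classes are never added in.
    """
    if uid == st_uid:
        shift = 6
    elif st_gid in gids:
        shift = 3
    else:
        shift = 0
    return (mode >> shift) & 0o7

def audit_tree(root, uid, gids):
    """List paths under root the account cannot read (files) or list and enter (dirs)."""
    blocked = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            need = 0o5 if stat.S_ISDIR(st.st_mode) else 0o4
            if effective_bits(st.st_mode, st.st_uid, st.st_gid, uid, gids) & need != need:
                blocked.append(path)
    return sorted(blocked)

def thread_cases():
    """Evaluate the two listings from post #4 plus the owner-forced variant."""
    return {
        "inbound_670_ftpuser": effective_bits(0o670, FTP_UID, SECURITY_GID, FTP_UID, FTP_GIDS),
        "outbound_470_aduser": effective_bits(0o470, AD_UID, SECURITY_GID, FTP_UID, FTP_GIDS),
        "outbound_470_ftpuser": effective_bits(0o470, FTP_UID, SECURITY_GID, FTP_UID, FTP_GIDS),
    }

if __name__ == "__main__":
    for case, bits in thread_cases().items():
        print(f"{case}: ftpuser gets {bits:o}")
```

Run audit_tree as root so the walk itself is not stopped by the directories being audited. The third case shows that a 470 file owned by ftpuser is read-only for that account even if it also belonged to the group, because the owner class wins.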
 
Old 04-22-2006, 08:37 AM   #5
MitchM99
Member
 
Registered: Jan 2003
Distribution: Gentoo(Server) Ubuntu(desktop/laptop)
Posts: 63

Original Poster
Rep: Reputation: 15
I will look more into that, Thanks!
 
Old 04-24-2006, 01:28 PM   #6
tomdkat
Member
 
Registered: May 2003
Location: S.F. Bay Area
Distribution: Ubuntu 9.04 AMD64
Posts: 595

Rep: Reputation: 30
Quote:
Originally Posted by MitchM99
I will look more into that, Thanks!
Is my understanding of your problem correct? Let me know if the username map works.

Peace...
 
  

