[Gllug] Getting required read / write / access permissions
Bruce Richardson
itsbruce at workshy.org
Wed Apr 6 09:00:18 UTC 2011
On Wed, Apr 06, 2011 at 09:40:04AM +0100, Chris Bell wrote:
> Hello,
> I am trying to get the correct access permissions automatically for a
> number of users accessing a server running Debian Lenny at present, with all
> users accessing the server from Microsoft PCs via Samba. The requirements
> are personal home directories with R/W access only by the owner,
Very simple and standard to create in samba. The example configs should
be sufficient.
> a directory
> with full recursive R/W access to all files to all, but only all, on a
> restricted list, plus a directory with full recursive R/W access to all
> listed users.
Are these to be separate shares or two directories on the same share?
If the latter, then POSIX acls are possibly the best tool.
> Individual users need to be able to create sub-directories and
> new files. [ snip ] It would be best if shared files can not be
> deleted once created.
That last bit is simply not possible. If users have sufficient
permissions to create files, they have sufficient to delete them. It is
possible to set up a situation where users can modify the contents of
files but not create, rename or delete them but that's very little use
in real life.
> Some users also need access from their normal computers via
> OpenVPN.
That doesn't make much sense. OpenVPN gives people access to a network,
not to a computer's files. How are the OpenVPN users going to be
accessing the files after they have gained access to the network via
OpenVPN?
> I have created two additional groups (not users), one restricted, the
> other to include all. I have edited /etc/samba/smb.conf to set access
> permissions to 770 on each of the directories, together with the required
> user lists for each.
Can you post the relevant parts of smb.conf? Anything relating to
access permissions in the global config, plus the share sections.
> If I look at man chmod I see that I can specify 770 but
> there are six possible attributes, rwxXst, and when I use ls -al I only see
> three.
I think you need to read up on Unix file permissions and then re-read
the chmod man page.
http://www.zzee.com/solutions/unix-permissions.shtml
> I am still being told that not all the required users have write access
> to all neccessary new files. Have I missed something? Would Microsoft
> limited access permissions over-ride those set by Samba?
Too little information. That would need to be looked at on a case by
case basis, eliminating problems as they are discovered, till there are
no more problems.
--
Bruce
Get thee behind me, Stan: for it is written, thou hast gotten me into
another fine mess. -- Oliver 4:8
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20110406/db5d37ce/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list