Re: [Samba] Dir ACL through windows and chmod
- Date: Wed, 12 Apr 2017 10:13:01 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Dir ACL through windows and chmod
On Wed, 12 Apr 2017 11:26:15 +0300
Dmitry via samba <samba@xxxxxxxxxxxxxxx> wrote:
> In need folders have to be seen (and accessed) only by appropriate
> domain groups. For example, there are domain groups g01, g02, g03,
> etc, users in these groups have to see only "their" folders: u01 -
> \\fsrv\n\01, u02 - \\fsrv\n\02, u03 - \\fsrv\n\03
> This is done by "Hide unreadable = yes" in smb.conf, by granting
> access (using "Security" tab in windows' folder rights) for concrete
> group to concrete directory and then chmod'ing this folder to 0770.
> But, if then I again modify ACLs through "Security" (for example -
> adding another group access to folder) samba sets 0777 to this folder
> and it becomes "visible" to all others. And I have again set 0770 on
> Samba server. This seems to work, but:
> - not good to windows admins, which only has to know about "Security"
> tab in folder rights;
> - mixing ACLs with unix rights makes a mess and seems not right way
> to solve task.
> What is the "right way" to do such task?
You could investigate using 'access based share enum = yes'
and setting the permissions from Windows, see here:
You will also need to remove these lines:
valid users = @"Domain Users" @"Domain Admins" @all
admin users = admin @it
# inherit acls = yes
force create mode = 0777
directory mask = 0770
hide unreadable = yes
To unsubscribe from this list go to the following URL and read the