P. 1


|Views: 167|Likes:
Publicado porNurul Istiqomah

More info:

Published by: Nurul Istiqomah on Dec 14, 2010
Direitos Autorais:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Multiple groups accessing a single directory is a frequent requirement. Often,some
groups require read-write access,whereas others require just read-only access. This is
easy to accomplish in Samba.

First,create directory /data/ourdirand give it chmodattribute 0770. (Owner is root;
group is ourgrp.)

Introduction to Samba



04 8628 CH02 3/17/00 12:59 PM Page 46

Next,create the following share in smb.confand then restart Samba:

read only=yes
valid users=@ourgrp,@writegrp
write list=@writegrp
create mask=770
directory mask=770
force group=ourgrp

This is very similar to the previous setup for one group access to the directory. Here are
the differences:

•write list=is added to grant write access to some groups.

•read only=is changed to yesto prevent writing by all others.

•valid users=now lists more than one group.

Note that this works correctly regardless of the system-wide umasksetting. This directory
will be read-only to any users or groups not enumerated in write list=. Only users or
groups enumerated in valid users=have access to the directory. The force group=
parameter ensures that all files created through Samba in this directory are group ourgrp,
so they can be written and read by everyone in valid users=and written by everyone in

write list=. Note that the @sign before the group names labels them as groups instead
of users.

Both create mask=770and directory mask=770are necessary to ensure that the groups
have full rights to the directory. This is necessary because access to the directory is
granted on the basis of group,not user. The default values of these two parameters do not
allow writing to the directory.

These principles will be further elaborated on throughout this book.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->