Hi everyone,
I've been fiddling around (and searching the docs, the forum, ...) for the last few days to figure out, how to handle permissions in SMB shares.
Actually it's even two topics.
and the following shares:
Share AB should only be accessible (modify or full control) for users A and B
Share AC should only be accessible (modify or full control) for users A and C
Share BC should only be accessible (modify or full control) for users B and C
Share ABC should only be accessible (modify or full control) for users A, B and C
The only way I found to do this was to set "Auxiliary Parameters " in each share's settings to
force group = AB #[replace by respective group for each share]
create mask = 0770
as otherwise the files would allways be created with a mask of 0700 and owner and primary group of the creating user - and thus beeing inaccessible by everone else.
This kind of works, but I can't help - it doesn't seem to be the right way to do it.
Any suggestion on what would be a better way to configure those shares?
Ingo
I've been fiddling around (and searching the docs, the forum, ...) for the last few days to figure out, how to handle permissions in SMB shares.
Actually it's even two topics.
- Probably the easy one:
- I'd like to use "Access Based Share Enumeration" for some of the shares...
- I found out, that this is based on the "Share ACLs".
- Editing Share ACLs shows an editor that seems to be focused on Active Directory SIDs.
- Shares for different, overlapping groups.
and the following shares:
Share AB should only be accessible (modify or full control) for users A and B
Share AC should only be accessible (modify or full control) for users A and C
Share BC should only be accessible (modify or full control) for users B and C
Share ABC should only be accessible (modify or full control) for users A, B and C
The only way I found to do this was to set "Auxiliary Parameters " in each share's settings to
force group = AB #[replace by respective group for each share]
create mask = 0770
as otherwise the files would allways be created with a mask of 0700 and owner and primary group of the creating user - and thus beeing inaccessible by everone else.
This kind of works, but I can't help - it doesn't seem to be the right way to do it.
Any suggestion on what would be a better way to configure those shares?
Ingo