Topic: setup file level permissions instead of i-bay (share) level?

[Patrick B]

Hello everyone,

I hope this is not a crazy questions - but is there a way to setup file level  permissions by user/group on SME V5 instead of i-bay (share) level?

I haven't come up with documentation or threads on this issue, but I assume there are people out there who (like me) are thinking about migrating away from Windoze NT/2K setups.  NT/2K has this type of ACL file level permissions by user/group.  I'm sure Linux does as well.

Ideas/suggestions?

Regards,
Patrick

[Chris O'Donovan]

It's not clear from your post exactly what you want to do.

You can set up an ibay which can be accessed by a group and add specific users to that group. You can have as many groups as you want and users can belong to multiple groups.

Each user has an home directory which is only accessable to that user.

What exactly do you want to do that can't be accomplished with this set up?

Chris

[Patrick B]

Chris,

Sorry for the confusion, I hope I can clear things up here.  Essentially, I'm trying to map a single drive (F:/) on all client desktops to one share, eg. the "cabinet" i-bay; BUT, I'd like some directory's on that "cabinet" i-bay, eg. "cabinet/humanresources" to be available to only certain users/groups.  This is file level permissions, not i-bay (share) level.

Regards,
Patrick

[Richard Emory]

use chown to set up owner/group of files/directories
use chmod to set up permissions on the same

first:
chown adminuser.admingroup admindirectory
this command will set adminuser as the owner of admindirectory AND
admingroup as the group of people allowed to do stuff on the directory based on the permissions.

second:
chmod 750 admindirectory
this will allow adminuser to do anything in admindirectory (7) AND
users in admingroup to read and execute in admindirectory (5) AND
other users have no permissions (0).

Your samba shares will respond properly to these settings.

P.S.
adminuser does not have to be a member of the group specified.

[Patrick B]

say I had this siutation: (sorry to make this such a 'newbie' type note)

1. A 'cabinet' i-bay setup with write/read access for the 'staff' group.
2. 'staff' group consists of 3 users - manny, mo and jack.
3. There are two sub directory's in the 'cabinet' i-bay - food and beer.

        ----------cabinet
                      |-----------------food
                      |
                      |-----------------beer

4. I'd like manny and mo to have access to both food and beer, but I only want jack to access food.

What commands would I have to type to restrict jack's access to food only?

Thanks for your help.  I'm still learning how to handle file permissions for users/groups in Linux (under Windoze I could do this in my sleep).

PS - I would think more people would be looking for file permission controls in SME since i-bay (share) level controls really don't give the administrator enough control.

[Richard Emory]

Believe it or not, I'm a newbie also.  Been doing real Linux for less than 6 months, although I have been tinkering with Linux for a couple of years, so if there are any errors, I would be thankful if the pros here would correct them.

OK First I-Bay way
Group - staff - (manny, mo and jack)
Group - drunks - (manny and mo)

I-Bay - food - w/group permissions for Staff
I-Bay - beer - w/group permissions for Drunks

Generic *nix
Group - staff - (manny, mo and jack)
Group - drunks - (manny and mo)

sub-directory - food - w/group permissions for Staff
     mkdir food
     chown root.staff food
     chmod 770 food
sub-directory - beer - w/group permissions for Drunks
     mkdir beer
     chown root.drunks beer
     chmod 770 beer

NT way
Create a group called staff, select users (manny, mo and jack) who are part of staff.
Create a group called drunks, select users (manny and mo) who are part of drunks.
Create a sub-directory called food and give it group permissions for staff.
Share the sub-directory called food.
Create a sub-directory called beer and give it group permissions for drunks.
Share the sub-directory called beer.

Backwards NT way
Create a sub-directory called food and give it permissions for individual users(manny, mo and jack).  Share the sub-directory called food.
Create a sub-directory called beer and give it permissions for individual users (manny and mo).  Share the sub-directory called beer.

Problem:
Mo gets on the bandwagon.  In the first three examples you simply remove him from the drunks group.  In the last example you must remember all the individual places Mo has access to and change it if necessary.

Does this help?