I have a fedora 10 file server and need to assign folder permission. Samba setting security Authentication mode : share, guest account : no guest account. I have four folders which are shared and out of these four folders i want users A and B to have full control of all four folder and only one to be accessed by everyone on the network and the other three must not be access by other network users. My LAN have a windows small business server 2003 DNS. I have select users A and B on samba share and on the other folder to be accessed by everyone l have enable allow access to eveyone but still to no avail. Any idea have to achieve this.
root@serverGra# vi /etc/samba/smb.conf smb.conf(5) # ; domain master = yes ; domain logons = yes # the login script name depends on the machine name ; logon script = %m.bat # the login script name depends on the unix user used ; logon script = %u.bat ; logon path = \\%L\Profiles\%u # disables profiles support by specifing an empty path ; logon path = ; add user script = /usr/sbin/useradd "%u" -n -g users ; add group script = /usr/sbin/groupadd "%g" ; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u" ; delete user script = /usr/sbin/userdel "%u" ; delete user from group script = /usr/sbin/userdel "%u" "%g" ; delete group script = /usr/sbin/groupdel "%g" # ----------------------- Browser Control Options ---------------------------- ; local master = no ; os level = 33 ; preferred master = yes #----------------------------- Name Resolution ------------------------------- # Windows Internet Name Serving Support Section: # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both # # - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server # # - WINS Server: Tells the NMBD components of Samba to be a WINS Client # # - WINS Proxy: Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. # # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. ; wins support = yes ; wins server = w.x.y.z ; wins proxy = yes ; dns proxy = yes # --------------------------- Printing Options ----------------------------- # ; load printers = yes cups options = raw ; printcap name = /etc/printcap #obtain list of printers automatically on SystemV ; printcap name = lpstat ; printing = cups # --------------------------- Filesystem Options --------------------------- # Note: these options can also be set just per share, setting them in global # makes them the default for all shares ; map archive = no ; map hidden = no ; map read only = no ; map system = no ; encrypt passwords = yes guest ok = yes guest account = Administrator ; store dos attributes = yes #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes ; valid users = %S ; valid users = MYDOMAIN\%S [printers] comment = All Printers path = /var/spool/samba browseable = no ; guest ok = no ; writable = No Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory ; [Profiles] ; path = /var/lib/samba/profiles ; browseable = no ; guest ok = yes # A publicly accessible directory, but read only, except for people in # the "staff" group ; [public] ; comment = Public Stuff ; path = /home/samba ; public = yes ; writable = yes ; printable = no ; write list = +staff [Graphics_Stuff] path = /home/Graphics_Stuff ; writeable = No browseable = no guest ok = yes [Video] path = /home/Video ; writeable = No browseable = no valid users = Administrator, mok, smg [User Data] comment = User Data path = /home/Administrator/User Data writeable = yes ; browseable = yes valid users = Administrator, mok, mic, smg [Graphics_BACKUPS] path = /home/Administrator/Graphics_BACKUPS writeable = yes ; browseable = yes valid users = Administrator, mok, mic, smg [GRAPHICS_DATA] comment = Shared Folder for everyone path = /home/Administrator/GRAPHICS_DATA writeable = yes browseable = no valid users = Administrator, mok, mic, smg [Graphics_Data] comment = Share Folder for Eveyone path = /home/Administrator/Graphics_Data writeable = yes ; browseable = yes guest ok = yes [root@serverGra ~]# vi /etc/samba/smb.conf [1]+ Stopped vi /etc/samba/smb.conf [root@serverGra ~]# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf Processing section "[homes]" Processing section "[printers]" Processing section "[Graphics_Stuff]" Processing section "[Video]" Processing section "[User Data]" Processing section "[Graphics_Stuff-1]" Processing section "[Video_Distribution]" Processing section "[COLLECTED]" Processing section "[RESOURCES]" Processing section "[Graphics_BACKUPS]" Processing section "[GRAPHICS_DATA]" Processing section "[Graphics_Data]" Processing section "[Graphics_Mail]" Loaded services file OK. WARNING: You have some share names that are longer than 12 characters. These may not be accessible to some older clients. (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.) Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions I want two user smg and mok to have full access to graphics mail, gra-Data gra-backups and user-data, and everyone to have access only on Gra-Data only
