You are not logged in.
Hey,
I have a network with an archlinux server as only server on the network.
On the server with samba3 there are different directories with different user and group rights. Every user was existing twice, as a Linux user and as a samba user. In the samba smb.conf force group was set to the linux group, the files were forced 660 and directories 770.
user 1-4 were in officesmbgroup with access only to share1
user 1-2 were in officesmbgroup and extrasmbgroup with access to share1 and share2
all 4 users exist as linux users and have ssh access to the linux server
Example working on samba3
[share1]
available = Yes
browseable = Yes
comment = office
create mask = 660
directory mask = 2770
force create mode = 660
force directory mode = 2770
force group = officesmbuser
guest ok = No
path = /data/office
writeable = Yes
valid users = @officesmbuser
[share2]
available = Yes
browseable = Yes
comment = office
create mask = 660
directory mask = 2770
force create mode = 660
force directory mode = 2770
force group = extrasmbuser
guest ok = No
path = /data/extra
writeable = Yes
valid users = @extrasmbuserAs I understood with samba4 this is no longer possible because it is not possible to force a linux group in samba any more. I figured out to mange this in samba4 standalone role mode. But this has a big disadvantage: I had to set all files on the shares to 666 and folders to 777.
Working wtih samba4 standalone role mode, but security problem
[share1]
available = Yes
browseable = Yes
comment = office
create mask = 666
directory mask = 2777
force create mode = 666
force directory mode = 2777
guest ok = No
path = /data/office
writeable = Yes
valid users = user1, user2, user3, user4
[share2]
available = Yes
browseable = Yes
comment = office
create mask = 666
directory mask = 2777
force create mode = 666
force directory mode = 2777
guest ok = No
path = /data/extra
writeable = Yes
valid users = user1, user2This would be a problem because linux user3 and user4 have ssh access and would have access to all files on both shares in all directories.
Is there another way to manage this or do I have to set up active directory, manage group rights there and leave the local rights on the linux machine at 660 and 770?
Thanks in advance
Offline