[Samba] Prevent deleting/moving of primary directory, - Samba

This is a discussion on [Samba] Prevent deleting/moving of primary directory, - Samba ; Greetings - In general terms I would like to prevent users from deleting or moving a primary directory within a share, but allow users to create / delete / move subdirectories and files that reside under these directories. My reason ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: [Samba] Prevent deleting/moving of primary directory,

  1. [Samba] Prevent deleting/moving of primary directory,

    Greetings -

    In general terms I would like to prevent users from deleting or moving a
    primary directory within a share, but allow users to create / delete / move
    subdirectories and files that reside under these directories. My reason for
    needing this type of setup is to prevent an accidental deletion of a common
    directory and to maintain a planned directory structure at the top level of
    the share. My system information is listed below.

    Linux RHES 3
    Samba 3.0.9-1.3
    File Server for 8 Windows boxes (2000 and XP)

    The share and directory structure that explains what I would like to do is
    listed below. We have a small open office where everyone works together on
    multiple projects and proposals. The permissions currently set for the
    ECOSYSTEM share are read/write/execute (0777) for the entire share, with all
    subdirectories inheriting permissions. I would like to be able to allow all
    users (or a specified group) to create/delete/move directories such as
    Project1, or any files under Project1, as they wish. I would like to
    prevent anyone but the administrator with root privileges from accidentally
    deleting or moving the Archive, Admin, Marketing, Projects, and Reference
    directories. The pertinent details of my smb.conf are also listed below.

    ECOSYSTEM
    |-----Archive
    |-----Admin
    |-----Marketing
    |-----Proposal1
    |-----Proposal2
    |-----Projects
    |-----Project1
    |-----Project2
    |-----Reference


    smb.conf
    #======================= Global Settings
    =====================================
    [global]
    server string = Bison samba server
    printcap name = /etc/printcap
    load printers = yes
    log file = /var/log/samba/%m.log
    max log size = 50
    unix password sync = yes
    pam password change = yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    os level = 33
    preferred master = yes
    password server = None
    guest ok = yes
    security = SHARE
    dns proxy = no

    #============================ Share Definitions
    ==============================
    [homes]
    comment = Home Directories
    browseable = no
    writeable = yes
    hide dot files = yes

    [printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    printable = yes

    [ecosystem]
    path = /ecosystem
    writeable = yes
    create mask = 0777
    directory mask = 0777
    inherit permissions = yes


    I have searched through the list archives and found discussion of a similar
    issue at http://marc.theaimsgroup.com/?l=samb...6845920890&w=2 , but
    the solution of the issue is not clearly identified. I have read and
    re-read the 'Definitive Guide to Samba 3' without success at understanding
    if this is possible or not. If anyone has implemented this type of
    permissions setup, can you provide some guidance and details. Thanks for
    your assistance.


    Jeff Boyce
    Meridian Environmental
    www.meridianenv.com

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Prevent deleting/moving of primary directory,

    Hi Jeff,
    Try this. Set the ECOSYSTEM to be owned by root and the subdirectories to be owned by the same user that is able to connect the smb share.

    Then set the share path on smb.conf to ECOSYSTEM. You will probabily be able to have full access into the subdirectories but not be able to delete neither rename these subdirectories.

    So you keep your main structure of directories.

+ Reply to Thread