Permission Folders SMB

  • Hello,
    Is it possible to create permission levels in folders? For example, a master folder that will be shared by default for all users (company name), and within it there will be the departments folders (Financial, Support, Commercial etc) and each folder would have its permission according to the groups of departments (folder support / group support etc).
    VidMate
    I have SMB integrated with the Active Directory Mobdro


    Thanks.

  • The most simple way to achieve this is to use only basic POSIX permissions, Samba's creation masks and two different shares:


    The 'Master' share using Samba's/OMV's default permission settings, that's

    Code
    create mask = 0664
    	directory mask = 0775
    	force create mode = 0664
    	force directory mode = 0775


    After creation of the share in the OMV UI you simply assign the share to one group all users are member of (chgrp -R $group /path/to/share)


    Then you create the 'Departments' share and when creating the share you edit 'extra options' to disallow 'others' to access:


    Code
    create mask = 0660
    	directory mask = 02770
    	force create mode = 0660
    	force directory mode = 02770



    Again after creation of this share you simply assign the share to one group all users are member of (chgrp -R $group /path/to/share)


    After creation of the 'departments folders (Financial, Support, Commercial etc)' you assign each department folder to the department's AD group (chgrp -R $group /path/to/share/folder). This way only members of the specific AD group can enter the respective department folder.


    There are better ways to solve this based on ACLs (every good Samba 4.x tutorial on the net has the details) but since OMV users regularly struggle with this maybe the better idea is to keep things simple. With ACLs you can then even adjust permissions from Windows clients while the above approach only allows access to specific department folders based on group membership.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!