× Welcome to the Centrify Community! Looking for Express & Smart Card Help? Click Here

Samba Share - Write Access for certain domain users, read access for other domain users

Showing results for 
Search instead for 
Do you mean 
Reply
Participant I
Posts: 1
Registered: ‎04-21-2017
#1 of 3 286

Samba Share - Write Access for certain domain users, read access for other domain users

Hi, I have Centrify Express Samba running on our domain network. It works well thanks. I'd like to create a new share that will allow some users read access only and other domain users read/write access. I can't seem to get it to work. Can someone help with the samba conf. Here is what I have currently. This group 'adminshare_w' has certain memebers and the other group 'adminshare_r' has also different members.

 

[NewShare]
path = /mnt/data1/adminshare
comment = admin share | Owner User
guest ok = yes

guest account = nobody
valid users = +domain\adminshare_w +domain\adminshare_r
browseable = yes
writable = yes

file permissions on the share

drwxrws---+  11 domainuser adminshare_w   4096 Apr 21 10:18 adminshare

 

Highlighted
Centrify
Centrify
Posts: 1
Registered: ‎01-23-2017
#2 of 3 202

Re: Samba Share - Write Access for certain domain users, read access for other domain users

Aani, 

 

After reviewing the smb.conf man pages I found some  settings that might help you accomplish the behavior you want. 

 

My current share setup in smb.conf is as follows and it allows members of only one group to write to the share, everyone else cannot do so, they will receive a NT_STATUS_MEDIA_WRITE_PROTECTED error. 

 

smb.conf

==============

[test-share]

    path = /test-share

    public = yes

    read only = yes

    browseable = yes

    write list = +DOMAIN\WRITEGROUP

 

The above settings worked for me, pretty much what you're doing is creating a read only share for everyone else and only the users in the WRITEGROUP can write to the share. 

 

Here is the output from the man pages for 'write list'

This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to. The list can include group names using the @group syntax.

Note that if a user is in both the read list and the write list then they will be given write access.

Default: write list =

Example: write list = admin, root, @Staff

 

You can further modify the share to your liking, hope this helps. 

 

Note: This setup worked when I changed the file permissions to my share to 777. Although this is set to 777 the settings in the share due to write list doesn't allow other users to have write permissions. 

Participant II
Posts: 3
Registered: ‎03-11-2016
#3 of 3 66

Re: Samba Share - Write Access for certain domain users, read access for other domain users

@Izi: - Thanks, sorry for the late reply..

 

Yes, this pointed me in the right direction, I just could'nt get the right combo of settings.

 

My file permissions are set as follows which just allows read permission for all other users.

Everyone now has read file permissions. The share then stipulates for a domain user in the write list

 

drwxrwsr-x+  12 user share            4096 May 23 16:40 share

 

smb.conf

==============

[test-share]

    path = /test-share

    public = yes

    read only = yes

    browseable = yes

    write list = +DOMAIN\WRITEGROUP

 

Thanks for your help, banging my head off the table a while back with this one.

 

Much appreciated.