son*_*ner 11 linux samba mount network-shares permissions
I have a Samba share containing many folders like this:
share
- folderA
- folderB
- folderC
- folderD
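About 20 users access these shares. Each user has individual access to certain directories: for example, Ben can access folderA and folderC, but not folderB and folderD. Jenny can access folderB and folderC, and so on.
I don't want the users to mount every folder they need. I want them to mount the folder "share", which contains all the subfolders, and then restrict access by setting Linux permissions.
I created a group for each subdirectory and added the users to these groups. Access control works fine for existing files. But whenever a user creates a file in a subdirectory, access to it is denied for every other user who has read/write access to that directory. To solve this I tried Samba masks, but couldn't get them to work.
My Samba conf looks like this: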
guest ok = no
[global]
workgroup = WORKGROUP
security = user
encrypt passwords = yes
[Share]
path = /var/samba
valid users = @everybody
read only = no
writeable = yes
[folderA]
path = /var/samba/folderA
valid users = @users_folderA
read only = no
writeable = yes
create mask = 770
directory mask = 770
force directory mode = 770
force group = users_folderA
[folderB]
path = /var/samba/folderB
valid users = @users_folderB
read only = no
writeable = yes
create mask = 770
directory mask = 770
force directory mode = 770
force group = users_folderB
[folderC]
path = /var/samba/folderC
valid users = @users_folderC
read only = no
writeable = yes
create mask = 770
directory mask = 770
force directory mode = 770
force group = users_folderC
[folderD]
path = /var/samba/folderD
valid users = @users_folderD
read only = no
writeable = yes
create mask = 770
directory mask = 770
force directory mode = 770
force group = users_folderD
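Obviously every user is in the group, so they can mount the share with the subdirectories. Access to each subdirectory works fine. But whenever Ben creates a file in folderC, the file gets the permissions -rwxr--r--, but it should be -rwxrwx---
I think the shares for the individual folders don't work at all, because I tried setting writeable = no and read only = yes to test it. I restarted smbd and nmbd and remounted the network share (in Windows 10). The user was able to create files and modify their own files.
This runs on a Raspberry Pi with Raspbian. The hard drive with the files is formatted as ext4 and mounted via fstab.
Try this configuration (for the shares section):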
[Share]
path = /var/samba
valid users = @everybody
force group = +everybody
writeable = yes
create mask = 0660
force create mode = 0110
directory mask = 0770
[folderA]
path = /var/samba/folderA
valid users = @users_folderA
force group = +users_folderA
browseable = no
[folderB]
path = /var/samba/folderB
valid users = @users_folderB
force group = +users_folderB
browseable = no
[folderC]
path = /var/samba/folderC
valid users = @users_folderC
force group = +users_folderC
browseable = no
[folderD]
path = /var/samba/folderD
valid users = @users_folderD
force group = +users_folderD
browseable = no
Don't forget to check the configuration and restart Samba:
# testparm
# service smbd restart
# service nmbd restart
Set the permissions:
chown root:everybody /var/samba
chmod 770 /var/samba
chown root:users_folderA /var/samba/folderA
chmod 2770 /var/samba/folderA
chown root:users_folderB /var/samba/folderB
chmod 2770 /var/samba/folderB
chown root:users_folderC /var/samba/folderC
chmod 2770 /var/samba/folderC
chown root:users_folderD /var/samba/folderD
chmod 2770 /var/samba/folderD
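This way, direct access to the inner folders is not allowed. Also, they are not visible at all and can only be accessed through the parent folder.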
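An added example, not part of the original question or answer: it computes the mode Samba gives a new file as (mapped mode AND create mask) OR force create mode, using only the section of the share the client is connected to. It assumes the smb.conf(5) defaults (create mask 0744, force create mode 0000) and a mapped base mode of 0766 for a new file carrying the DOS archive attribute under the default map archive = yes; the conf excerpts are constructed from the two configurations above and the function names are hypothetical.

```python
import stat

# Constructed excerpts of the two configurations shown on this page.
ASKER_CONF = """
[Share]
path = /var/samba
[folderC]
path = /var/samba/folderC
create mask = 770
"""
ANSWER_CONF = """
[Share]
path = /var/samba
create mask = 0660
force create mode = 0110
"""

DEFAULTS = {"create mask": "0744", "force create mode": "0000"}  # assumed smb.conf(5) defaults
BASE_MODE = 0o766  # assumption: rw for all, plus owner x mapped from the DOS archive bit

def parse(conf):
    """Parse smb.conf text into {section: {param: value}} with lower-cased names."""
    sections, current = {}, None
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def new_file_mode(conf, share):
    """Mode of a file created by a client connected to `share` (not to a sibling section)."""
    sections = parse(conf)
    def param(name):
        # Lookup order: the connected share, then [global], then built-in defaults.
        for scope in (sections[share.lower()], sections.get("global", {}), DEFAULTS):
            if name in scope:
                return int(scope[name], 8)
    return (BASE_MODE & param("create mask")) | param("force create mode")

def show(conf, share):
    return stat.filemode(stat.S_IFREG | new_file_mode(conf, share))

if __name__ == "__main__":
    for conf, share in ((ASKER_CONF, "Share"), (ASKER_CONF, "folderC"), (ANSWER_CONF, "Share")):
        print(share, show(conf, share))
```

Through the original [Share] section the result is the -rwxr--r-- reported in the question, because the masks under [folderC] are only consulted for connections made to that share.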