freebsd at edvax.de
Sun Jun 13 16:31:21 UTC 2010
On Sun, 13 Jun 2010 00:15:00 -0400, Bob Hall <rjhjr0 at gmail.com> wrote:
> On Sat, Jun 12, 2010 at 02:52:59PM -0400, Mike Robins wrote:
> > Hi there, I currently am running a FreeBSD/Samba server for my company
> > with public shares for all of the employees to keep their work related
> > documents in. I'm wondering if it is possible for me to keep these shares
> > public and add a password to each sub directory in the public share? This
> > would mean I could give each department a sub directory that only they
> > would know the password to and keep the sensitive documents away from
> > public view.
> Any password known to a group of people quickly becomes public
> knowledge. If you really need to restrict access to a share, this won't
> do it securely.
There may be another way to implement this functionality - not by
passwords, but by group permissions.
Create the different share directories as needed and give them the
following settings: owner = project leader, group = project group.
Then add the users belonging to the project group to that group,
so they will be able to access the share. Other groups and people
won't have access (u=rw,g=rw,o=nothing). If a user is delegated to
another group, remove him from the project group, and add him to
his new group.
In this way, it's enough for a user to know his own password.
> I'm pretty sure you can integrate Samba into such a system, but
> how to do it is a Samba related question, not a FreeBSD question.
It can easily be done using UFS's user:group and permission
system. I'm not sure in how far it can be manipulated by a
"Windows" client, but finally, there could be an SSH access
with proper rights for a responsible person to take care of
the settings. A dialog based wrapper around pw calls could
also be implemented very fast.
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
More information about the freebsd-questions