Samba offers much flexibility in file system access management. These are the key access control
facilities present in Samba today:
Samba Access Control Facilities
UNIX File and Directory Permissions
Samba honors and implements UNIX file system access controls. Users
who access a Samba server will do so as a particular MS Windows user.
This information is passed to the Samba server as part of the logon or
connection setup process. Samba uses this user identity to validate
whether or not the user should be given access to file system resources
(files and directories). This chapter provides an overview for those
to whom the UNIX permissions and controls are a little strange or unknown.
Samba Share Definitions
In configuring share settings and controls in the
the network administrator can exercise overrides to native file
system permissions and behaviors. This can be handy and convenient
to effect behavior that is more like what MS Windows NT users expect,
but it is seldom the
way to achieve this.
The basic options and techniques are described herein.
Samba Share ACLs
Just as it is possible in MS Windows NT to set ACLs on shares
themselves, so it is possible to do in Samba.
Few people make use of this facility, yet it remains one of the
easiest ways to affect access controls (restrictions) and can often
do so with minimum invasiveness compared with other methods.
MS Windows ACLs through UNIX POSIX ACLs
The use of POSIX ACLs on UNIX/Linux is possible only if the underlying
operating system supports them. If not, then this option will not be
available to you. Current UNIX technology platforms have native support
for POSIX ACLs. There are patches for the Linux kernel that also provide
this support. Sadly, few Linux platforms ship today with native ACLs and
extended attributes enabled. This chapter has pertinent information
for users of platforms that support them.