И снова права. Мы выкурили то, что предложило сообщество, и у нас получилось вот так. Правы ли мы? Скорее нет, чем да.
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
[global]
# Server-wide settings: users are authenticated by this server itself
# (security = user) against the local tdbsam password database.
workgroup = MONTAGE
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
# A login with a username that does not exist is not rejected but mapped to
# the guest account. Such sessions are kept out of a share only while
# "guest ok" is No for it (the default).
map to guest = Bad User
# NOTE(review): the contents of this included file are not shown; parameters
# set there also take effect. "testparm -s" prints the effective result.
include = /etc/samba/dhcp.conf
# The logon * parameters are only used when Samba acts as a logon server,
# so with "domain logons = No" below they should have no effect.
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
# Creates a Unix account for a machine (%m) with no login shell.
# NOTE(review): presumably unused while "domain logons = No" -- confirm.
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
security = user
wins support = No
netbios name = NAS-2
# Left empty: no LDAP admin DN and no WINS server are configured.
ldap admin dn =
wins server =
[homes]
# Per-user home directory share, created on demand under the user's name.
comment = Home Directories
# %S is the share name (here the username), %D the domain and %w the winbind
# separator, so each home share accepts only its own user.
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
# Roaming-profile share; %H expands to the connecting user's home directory.
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
# New files get at most 0600 and new directories at most 0700, i.e. no
# access for group or others.
create mask = 0600
directory mask = 0700
[users]
# Exports the whole of /home read-write. No "valid users", "read list" or
# "write list" is set, so any authenticated user may connect and access is
# limited only by filesystem permissions and ACLs.
# NOTE(review): /home/RAID/NAS-Editor, /home/RAID/NAS-Ingest and /home/PGM
# (the paths of [NAS-EDITOR], [NAS-INGEST] and [PGM]) lie below this path,
# so they are also reachable through this share, where the "read list" of
# [NAS-EDITOR] does not apply. "smbstatus" shows which share a client uses.
comment = All users
path = /home
read only = No
inherit acls = Yes
# Hides and blocks the entries named aquota.user, groups and shares.
# RAID and PGM are not in this list.
veto files = /aquota.user/groups/shares/
[groups]
# Exports /home/groups read-write to every authenticated user; no share-level
# access list is set, so only filesystem permissions and ACLs restrict it.
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
# Print spool share; "printable = Yes" lets clients write spool files here.
comment = All Printers
# NOTE(review): /var/tmp is a general temporary directory shared with other
# local software; a dedicated spool directory is the more common choice.
path = /var/tmp
printable = Yes
# Spool files are created readable and writable by their owner only.
create mask = 0600
browseable = No
[print$]
# Printer driver download share. "read only" is not set and defaults to Yes,
# so only the users matched by "write list" can upload or change drivers.
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
# Files written here are created with group ntadmin.
force group = ntadmin
create mask = 0664
directory mask = 0775
## Share disabled by YaST
# [netlogon]
[NAS-EDITOR]
# Intended policy as written: @newsroom and @Sales read-only, @Editor and
# @TRAFFIC read-write, no guest access.
inherit acls = Yes
inherit owner = No
# New files and directories take their mode bits from the parent directory.
inherit permissions = Yes
map acl inherit = Yes
# NOTE(review): this directory is below /home, which [users] exports
# read-write without a read list. The restrictions set in this section apply
# only to connections made to this share name.
path = /home/RAID/NAS-Editor
# Every user who can connect and is not matched by "read list" may write,
# subject to filesystem permissions.
read only = No
# Members get read-only access regardless of "read only". A user who is also
# matched by "write list" gets write access.
# NOTE(review): @name is resolved against Unix (or NIS) groups, and Unix
# group names are case-sensitive -- confirm with "getent group" that
# newsroom and Sales exist in exactly this spelling with the expected users.
read list = @newsroom, @Sales
# Parameter names are case-insensitive, so "Write list" is read as
# "write list".
Write list = @Editor,@TRAFFIC
guest ok = No
[NAS-INGEST]
# Read-write for every authenticated user: no "valid users", "read list" or
# "write list" is set, so only filesystem permissions and ACLs restrict it.
inherit acls = Yes
path = /home/RAID/NAS-Ingest
read only = No
[PGM]
# Read-write for every authenticated user: no "valid users", "read list" or
# "write list" is set, so only filesystem permissions and ACLs restrict it.
inherit acls = Yes
path = /home/PGM
read only = No
Потому что на сегодня ВСЕ пользователи имеют права на чтение-запись вне зависимости от того, находятся ли они в списке юзеров с запретом на запись или нет.
Возможно, мы что-то не понимаем. Например, для каталога NAS-Editor определено:
[NAS-EDITOR]
# The share-level lists below are evaluated only for connections to this
# share name; filesystem permissions on the path still apply on top.
inherit acls = Yes
inherit owner = No
inherit permissions = Yes
map acl inherit = Yes
path = /home/RAID/NAS-Editor
read only = No
# "read list" forces read-only access for its members even with
# "read only = No", unless the same user is also matched by "write list".
# NOTE(review): it has no effect for a user whose group membership does not
# resolve on the server -- check the group names with "getent group".
read list = @newsroom, @Sales
# With "read only = No" this list matters only for users who are also
# matched by "read list"; everyone else can already write.
Write list = @Editor,@TRAFFIC
guest ok = No
Но при этом пользователи в @newsroom и @Sales без проблем создают каталоги и могут выкладывать свои файлы на NAS-Editor, хотя это им должно быть запрещено.
На всякий случай приложу SMBUSERS
# This file allows you to map usernames from the clients to the server.
# Unix_name = SMB_name1 SMB_name2 ...
#
# See section 'username map' in the manual page of smb.conf for more
# information.
#
# This file is _not_ included in the default configuration as it makes the
# usage of an user named administrator impossible.
# Maps the SMB client name "administrator" to the Unix account root.
# NOTE(review): this takes effect only if smb.conf names this file in
# "username map"; the smb.conf shown above has no such line. A session
# mapped to root is not restricted by filesystem permissions.
root = administrator
# Commented out: would map guest, pcguest and smbguest to nobody.
;nobody = guest pcguest smbguest
И снова премного благодарен заранее.