Date: Sun, 13 Jun 2010 18:31:18 +0200
From: Polytropon <freebsd@edvax.de>
To: Bob Hall <rjhjr0@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Directory Passwords
Message-ID: <20100613183118.c5daa042.freebsd@edvax.de>
In-Reply-To: <20100613041500.GA71284@stainmore>
References: <bd248c46af60bdd2b12ba559562d5571@imaps.cancog.com> <20100613041500.GA71284@stainmore>

On Sun, 13 Jun 2010 00:15:00 -0400, Bob Hall <rjhjr0@gmail.com> wrote:
> On Sat, Jun 12, 2010 at 02:52:59PM -0400, Mike Robins wrote:
> > Hi there, I currently am running a FreeBSD/Samba server for my company
> > with public shares for all of the employees to keep their work related
> > documents in. I'm wondering if it is possible for me to keep these shares
> > public and add a password to each sub directory in the public share? This
> > would mean I could give each department a sub directory that only they
> > would know the password to and keep the sensitive documents away from
> > public view.
>
> Any password known to a group of people quickly becomes public
> knowledge. If you really need to restrict access to a share, this won't
> do it securely.

There may be another way to implement this functionality - not
by passwords, but by group permissions. Create the different
share directories as needed and give them the following settings:
owner = project leader, group = project group. Then add the
users belonging to the project group to that group, so they
will be able to access the share. Other groups and people won't
have access (u=rw,g=rw,o=nothing).

If a user is delegated to another group, remove him from the
project group, and add him to his new group.

In this way, it's enough for a user to know his own password.

> I'm pretty sure you can integrate Samba into such a system, but
> how to do it is a Samba related question, not a FreeBSD question.

It can easily be done using UFS's user:group and permission
system. I'm not sure how far it can be manipulated by a
"Windows" client, but finally, there could be an SSH access with
proper rights for a responsible person to take care of the settings.
A dialog based wrapper around pw calls could also be implemented
very fast.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
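
The group-permission scheme described in the message above, as an added example that is not part of the original e-mail: the function names, department names and share path are hypothetical. Directories also need the search (x) bit to be entered, so the sketch uses mode 770 rather than rw alone.

```shell
#!/bin/sh
# Added illustration; function, group and path names are assumptions.

# lock_dir DIR GROUP
# Hand DIR to GROUP and remove every permission for "other".
# Owner and group get rwx, because a directory cannot be entered
# without the search (x) bit.
lock_dir() {
    chgrp "$2" "$1" && chmod 770 "$1"
}

# world_accessible ROOT
# Print each department directory directly under ROOT that still grants
# read, write or search permission to "other". Empty output means every
# department directory is closed to non-members.
world_accessible() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# move_user USER OLD_GROUP NEW_GROUP
# FreeBSD only, run as root: take USER out of the old project group and
# add the account to the new one, using pw(8) groupmod -d / -m.
move_user() {
    pw groupmod "$2" -d "$1" && pw groupmod "$3" -m "$1"
}

# Typical use on the server (constructed names, run as root):
#   pw groupadd sales
#   mkdir /share/public/sales
#   chown leader:sales /share/public/sales
#   lock_dir /share/public/sales sales
#   pw groupmod sales -m alice,bob
#   world_accessible /share/public     # should print nothing
#   move_user alice sales engineering
```

Running `world_accessible` from cron and mailing any output gives an early warning when a directory's mode has been loosened.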