Help me find a software / hardware solution for differentiating file access rights?

A

asgard882013-11-15 09:08:17

Active Directory

asgard88, 2013-11-15 09:08:17

Good time gentlemen! Help me find a solution that allows you to create some directories (personal storage) for storing documents with a specific access system: The principle is simple - each user has a personal directory for incoming documents. To him, any employee (or employees defined in advance) puts a certain document (document, image, music file, etc) in the directory. The owner of the directory sees all the files stored by him (those that he put there, or saved himself), and the rest of the users see only what they themselves sent there. Thus, any employee who visits the personal directory of this person will not see other people's documents transferred to the owner of the directory.

Interested in what is generally available - document management systems, perhaps a cool NAS, solutions on active directory, a private cloud, or just a direction where to dig.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

amc, 2013-11-16
@asgard88

You are interested in Access Based Enumeration and "Create Files/Folders" rights for "Authenticated" and "Full Control" for "CREATOR-OWNER".

R

repiv, 2013-11-15
@repiv

as an option to lift and configure samba. In my opinion the simplest solution.

C

Chromium58, 2013-11-15
@Chromium58

samba is fine.
Suppose we have a user mainuser and a group of other users "users".
We do the following:
mkdir /home/share
chmod 770 /home/share
chgrp "users" /home/share
Add our share to /etc/samba/smb.conf:
[share]
path = /home/share
read only = no
create mode = 0600
directory mode = 0700
hide unreadable = yes # users don't see unreadable files admin users = mainuser
# mainuser for given shares == root