I think we are chasing several dead-ends
I keep coming back to:
forced owner and group.
Group is write only. so basically like this in the Filesystem:
The Directory:
/data/share/incoming chmod 6720, chown spooler.writeonlygroup
Force samba to write the file as user spooler. Which I believe you already do. And force the create mode as 0620.
When the user drops a file there, it basically disappears. Nothing will show up for them at all.
You might wanna create a share called incoming. and make it a subdir of /data/share/
The chmod would keep out normal users too.
I had a problem with a directory done this way (accidentally) *I* could see and use it. (mainly because I was an admin user) but nobody else could get in and see what was there.
Edit:
One last thing, we have to remember Samba follows any restriction the OS puts on it. Even if you want something else in the samba config. Using the OS to create a restricted area itself, but then force a few things to work with the OS restriction underneath Samba, I believe is the way to go.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @
iwethey[link|http://it.slashdot.org/comments.pl?sid=134485&cid=11233230|"Microsoft Security" is an even better oxymoron than "Military Intelligence"]
No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link|http://www.eweek.com/article2/0,1759,1622086,00.asp|source]
Edited by
folkert
April 8, 2005, 12:06:26 PM EDT