> > Also, there are some shares --- like the webroot one that multiple users > > should have rights to do anything in (for example, the webroot, all of > > the teachers in the school should have read, write and execute rights > > to, but none of the students should, as well, apache should have read > > write and execute rights so that it can serve it etc) > > > > My gut instinct is that it should be owned by apache, and that the group > > should be the active directory group teachers (which contains all the > > right people) and I am guessing the permissions would look like 775 > > giving the owner, apache, read, write and execute permissions, the > > group, the active directory teachers group, read write and execute -- so > > they can edit web pages, and the rest of the world read and execute > > permissions so that they can see the pages and execute any scripts etc > > in them. Is this right or am I totally confused? > > Can handle this with appropriate group permissions and memberships, and > possibly with additional restrictions as shown above if necessary (may > find you don't really want ALL teachers to have free access, depending > on proficiency). All users you want to access things that are not > wide-open will need Linux user accounts with appropriate group > memberships. > > Phil > > [Tim Holmes] What would these user accounts look like -- same username as the windows user? Or how would I end up connecting the two, so that samba etc would know that when user MCASCHOOL\timholmes accesses a share, he should get directed to the home directory of srvweb-02\timholmes? I am also assuming that I could set their login shell to nologin to prevent them from playing games with me TIM TIM