I'm a bit puzzled by this: someone who no longer works at our company told our client before leaving that what I'm about to describe is feasible, but I'm at a loss for how.
Our client is getting an smb share as read-only from one of their partners. I have absolutely no control over this. This share is mounted on one of our file servers at /mnt/share.
My task is to set up a share from /mnt/share to the clients active directory users, which i have done sucessfully, but I also need to set permissions on certain sensitive subfolders that should be accessible by only certain active directory groups. (for example, only users in the Accounting group should be able to read the "Accounting" subfolder)
According to all documentation I've read, this is impossible because the files "on disk" are read-only (since they are really just a mounted smb share). Attempts to set permissions anyway have been met with no feedback.
The file server is RHEL 7.x (it is in the correct AD realm) and I also have Admin access to Active Directory.
To summarize:
Partner SMB share (read only) -----> File server | SMB share -------[This is where I need to set permissions]-------> user machines.
I've had confirmation from a seasoned veteran that what i'm trying to do cannot be done. Since the "disk" that i'm sharing is mounted read-only, neither linux nor windows will let me apply permissions to specific folders inside the share, unless this was done from the original share, which i cannot control.
the only access control i've managed to apply was by pointing compmgmt.msc to the linux share server, and managing the "share access" security options to only allow a certain group to access the entire share.