The environment is Ubuntu Desktop 10.10 (Maverick Meerkat) freshly installed and updates done.
Given that, the following are the minimal steps and configuration required to achieve the objective.
Make a public file space based on "HowTo: Create shared directory for local users (with bindfs)", this works much better than access control lists can.
sudo apt-get install bindfs
configure the public space to be set up on startup.
description "Remount public with different permissions" start on stopped mountall pre-start exec install --owner=nobody --group=nogroup --mode=0777 \ --directory /export/public exec bindfs -f --owner=nobody --group=nogroup --perms=a=rwD \ --create-for-user=nobody --create-for-group=nogroup \ --create-with-perms=a=rwD --chown-ignore --chgrp-ignore --chmod-ignore \ /export/public /export/public
and make the public space active
sudo initctl start bind-public
Now to make the space available over the network using Samba.
sudo apt-get install samba
And here is a minimal Samba configuration to do the job.
[global] map to guest = Bad User [public] path = /export/public guest ok = yes read only = no
It is not necessary to restart samba for the changes to take effect.
At this point the objective is achieved for remote connections, and any local methods for accessing the directory.
For restricted access, configure Samba to require a log-on, or only allow particular users to access the public share.