Re: [Samba] Samba and LinuxMDK 9 file perms oddities?
Buchan Milne wrote:
[cut]
When a member of group users connects to the [public] or [grp] share
and interacts with them by creating dirs and/or files, something strange
happens because file permissions change to:
Are you sure it is when a user connects?
Not exactly. When a user creates a file or directory, a warning message
appears saying that in the future it won't be possible to change the
file/dir. In a short words: the file/dir is rightly created but they
won't be modifiable in the future.
[cut]
What security level are you running?
2
[bgmilne:/home/users/bgmilne]# cat /etc/sysconfig/msec
If you are running security level 2 or higher, msec will reset
permissions to not be group writeable on directories under /home. So,
you should run draksec to customise this, or not use msec.
I supposed so :(
[bgmilne:/usr/share/msec]# grep home perm.? |awk '{print $1 \t $2
\t $3}'
perm.0:/home/ root.root 755
perm.0:/home/* current 755
perm.1:/home/ root.root 755
perm.1:/home/* current 755
perm.2:/home/ root.root 755
perm.2:/home/* current 755
perm.3:/home/ root.root 755
perm.3:/home/* current 711
perm.4:/home/ root.adm751
perm.4:/home/* current 700
perm.5:/home/ root.root 711
perm.5:/home/* current 700
After making your changes in draksec, run:
# msec security level
to have msec set the permissions as it thinks they should be, or set
them the way you want them, and run
# msec
to see if it leaves them alone now.
Thanks :)
Tomorrow morning I'll try on another pc. In the meanwhile I changed the
OS (FreeBSD) and I have to say that everything works well ;)
P.S. I normally search the digests of this list for mandrake, I would
not have found your post since I do not search for MDK/mdk/md etc. It is
also a good idea not to abbreviate if you intend other searches (Google
etc) to find your post ...
I'm sorry :-/
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LinuxMDK 9 file perms oddities?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Date: Sat, 01 Mar 2003 14:08:23 +0100
From: AlF [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Samba] Samba and LinuxMDK 9 file perms oddities?
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii; format=flowed
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Precedence: list
Message: 1
Hi all
I noticed a pretty strange behaviour regarding file permissions that
sometimes change without any reason. I need to share the following two
directories:
/home/public (owner=root, group=root, perms=0777)
/home/users (owner=root, group=users, perms=0770)
the /home directory is owned by root, the group is root and permissions
are set in this way: 0755.
The above dirs are shared using these instructions in smb.conf:
[grp]
comment = Folder for group [%g]
path = /home/%g
guest ok = no
public = no
browseable = yes
writable = yes
create mask = 0660
directory mask = 0770
[public]
comment = Public folder
path = /home/public
guest ok = no
public = no
browseable = yes
writable = yes
create mask = 0666
directory mask = 0777
When a member of group users connects to the [public] or [grp] share
and interacts with them by creating dirs and/or files, something strange
happens because file permissions change to:
Are you sure it is when a user connects?
/home/public (owner=root, group=root, perms=0755)
/home/users (owner=root, group=users, perms=0750)
In a short words, the write flag disappears. As a result, the next time
that a user logs in or interacts with shares, he won't be able to write
files, create dirs, rename them and so on.
I tried to shut down and restart samba to discover if that change is
caused by the deamon itself and not by the use of the shares but I
observed that restarting doesn't change file perms. Does anybody know
the solution?
What security level are you running?
[bgmilne:/home/users/bgmilne]# cat /etc/sysconfig/msec
If you are running security level 2 or higher, msec will reset
permissions to not be group writeable on directories under /home. So,
you should run draksec to customise this, or not use msec.
[bgmilne:/usr/share/msec]# grep home perm.? |awk '{print $1 \t $2
\t $3}'
perm.0:/home/ root.root 755
perm.0:/home/* current 755
perm.1:/home/ root.root 755
perm.1:/home/* current 755
perm.2:/home/ root.root 755
perm.2:/home/* current 755
perm.3:/home/ root.root 755
perm.3:/home/* current 711
perm.4:/home/ root.adm751
perm.4:/home/* current 700
perm.5:/home/ root.root 711
perm.5:/home/* current 700
After making your changes in draksec, run:
# msec security level
to have msec set the permissions as it thinks they should be, or set
them the way you want them, and run
# msec
to see if it leaves them alone now.
Regards,
Buchan
P.S. I normally search the digests of this list for mandrake, I would
not have found your post since I do not search for MDK/mdk/md etc. It is
also a good idea not to abbreviate if you intend other searches (Google
etc) to find your post ...
- --
|--Another happy Mandrake Club member--|
Buchan MilneMechanical Engineer, Network Manager
Cellphone * Work+27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+YzMLrJK6UGDSBKcRAstdAJ4sZBbp06bKYnixkWSaKAFPsD+IlgCgyauP
LJIDZHhscR9f7e46Bv3W5SQ=
=/1Or
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LinuxMDK 9 file perms oddities?
Kurt Weiss wrote: AlF schrieb: When a member of group users connects to the [public] or [grp] share and interacts with them by creating dirs and/or files, something strange happens because file permissions change to: /home/public (owner=root, group=root, perms=0755) /home/users (owner=root, group=users, perms=0750) are u using winbind/ACL support? no, why? can u post the [general] section too? Since the machine is currently offline I can't cut and paste it. BTW I try to remember the whole section. Here it is: [global] workgroup = STZDOM server string = PDC Samba File Server deny hosts = all allow hosts = 192.168.0. 127. log file = /etc/samba/log/log.%m log level = 3 max log size = 80 security = user socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 99 domain master = yes preferred master = yes dns proxy = no wins support = yes encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd username map = /etc/samba/smbusers map to guest = never guest account = nobody domain logons = yes logon script = logon.bat logon path = \\%L\profiles logon home = \\%L\home logon drive = Z: admin users = administrator hide unreadable = yes hide dot files = yes kernel oplocks = no oplocks = no level2oplocks = no -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LinuxMDK 9 file perms oddities?
Kurt Weiss wrote: [cut] i tested the same situation. - without result. %-| (samba 2.2.4 / kernel 2.4.10) *) which version u use? 2.2.6pre2, the one that's delivered in the package samba-xxx-2.2.6-1.0.pre2.2mdk, but I'm going to upgrade in a few days. The (recompiled) kernel version is 2.4.19 *) maybe u have running some other software, which is doing this strange thing. (something like disk quota in relation with umask...) I was just thinking that security level of MDK release could be the culprit for such a strange behaviour. I think I have to take a look in /etc/security/msec/security.conf (and/or) /var/lib/msec/security.conf and try to understand *) maybe u used /home/public as home directory for an unix/linux user? no, there's no user that has /home/public as home dir *) maybe u have just a third share, which allowes access to /home? no the smb.conf part u sent, seems ok. - but if possible send the whole original... I'll access that machine on tuesday morning so there's some day to wait but I decided to test smb.conf with another Linux distribution at home in a couple of hours -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and LinuxMDK 9 file perms oddities?
Hi all I noticed a pretty strange behaviour regarding file permissions that sometimes change without any reason. I need to share the following two directories: /home/public (owner=root, group=root, perms=0777) /home/users (owner=root, group=users, perms=0770) the /home directory is owned by root, the group is root and permissions are set in this way: 0755. The above dirs are shared using these instructions in smb.conf: [grp] comment = Folder for group [%g] path = /home/%g guest ok = no public = no browseable = yes writable = yes create mask = 0660 directory mask = 0770 [public] comment = Public folder path = /home/public guest ok = no public = no browseable = yes writable = yes create mask = 0666 directory mask = 0777 When a member of group users connects to the [public] or [grp] share and interacts with them by creating dirs and/or files, something strange happens because file permissions change to: /home/public (owner=root, group=root, perms=0755) /home/users (owner=root, group=users, perms=0750) In a short words, the write flag disappears. As a result, the next time that a user logs in or interacts with shares, he won't be able to write files, create dirs, rename them and so on. I tried to shut down and restart samba to discover if that change is caused by the deamon itself and not by the use of the shares but I observed that restarting doesn't change file perms. Does anybody know the solution? Thanks :-) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LinuxMDK 9 file perms oddities?
AlF schrieb: When a member of group users connects to the [public] or [grp] share and interacts with them by creating dirs and/or files, something strange happens because file permissions change to: /home/public (owner=root, group=root, perms=0755) /home/users (owner=root, group=users, perms=0750) are u using winbind/ACL support? can u post the [general] section too? thx k -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
