Jon Schewe wrote:
Rafiu Fakunle wrote:
Rafiu Fakunle wrote:
Jon Schewe wrote:
I created my accounts and we get some odd errors in the ssl_error_log:
[Thu Aug 14 17:20:45 2008] [error] [client 128.33.251.135] PAM: user 'jmanley' - invalid account: Permission denied
[Thu Aug 14 17:23:09 2008] [error] [client 128.33.251.128] GROUP: jschewe not in required group(s).
[EMAIL PROTECTED] users]# id jschewe
uid=10000(jschewe) gid=10000(users) groups=10000(users)
[EMAIL PROTECTED] users]# id jmanley
uid=10001(jmanley) gid=10000(users) groups=10000(users)
The primary group on the share is NULL, but changing it to users
doesn't help.
Any ideas?
I'll try to reproduce and get back to you post-haste.
OK, worksforme.
How are you connecting to the share?
I connect to:
https://<server>/mnt/<vg>/<lv>/<sharename>
That's what I'm using. However I get those funny errors in the log.
I did some more experimenting and looking at your apache config file
and found some odd things.
First my share setup:
/mnt/data/users/jschewe is what I'm trying to access.
That share is set to be RO by the users group and RW by the NULL group.
The NULL group is set as primary group.
The user "jschewe" has the primary group of "users" and no one is in
the NULL group.
I have this setup because I don't want anyone to have write
access to the home directories, so I've created this NULL group that
no one is in. I could create a group per person, however that's a bit
of a pain. Or is that the expected usage?
Looking at the apache config it seems that to access the share
"jschewe" the user needs to be both in the "NULL" group AND in the
"users" group, even though using standard unix permissions only the
"users" group is required.
Is there a way to set up permissions through the UI for users rather
than just groups? What I'd really like is for /mnt/data/users/jschewe
to be owned by "jschewe" and the group "NULL" and allow the group
"users" RO access. I would like "jschewe" to only be in the group
"users". I would like "jschewe" to be able to RW to
/mnt/data/users/jschewe through all protocols, CIFS, NFS, WebDAV. Is
it possible to do this just through the UI or do I need to go in
through the console? Are there better suggestions for using Openfiler
for home directories?
OK, I played around with this for a bit to see whether what you're
advocating is possible specifically for WebDAV (all other protocols
already support home dirs with the current config parameters).
Create your "users" subfolder, click the subfolder name then click "Make
Homes Folder" in the popup dialog.
Select the export protocols for the individual networks that will be
accessing the share then submit the form.
Next edit /etc/httpd/conf.d/openfiler-shares.conf and enter the
following parameters in the Directory context for the users share:
AuthType Basic
AuthBasicAuthoritative off
AuthUserFile /dev/null
AuthPAM_Enabled on
AuthPAM_FallThrough on
AuthName Homes
Require valid-user
Add a "*" after the path attribute of the Directory context, e.g.:
<Directory "/mnt/data/users/*">
Restart httpd (service httpd restart)
Log in to the share using an SMB client (this should automatically
create the user's home directory in /mnt/data/users)
Disable world access to the user's home directory:
setfacl -R -m o::---,default:o::--- /mnt/data/users/jschewe
Connect via WebDAV.
Try with a second user to verify that it's secure.
Let me know if this works for you.
R.
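An added check for the "Disable world access" and "verify that it's secure" steps in the message above (example code, not part of the original post and not Openfiler's own tooling): it walks every home directory directly under the users share and reports any that still grant permissions to "other", in the access mode or in the default ACL. The function name audit_homes is hypothetical; the share path is passed as an argument.

```shell
#!/bin/sh
# Added example: list home directories that still grant access to "other".
# Usage: audit_homes /mnt/data/users   (one finding per line; no output = clean)
audit_homes() {
    base=$1
    for d in "$base"/*/; do
        d=${d%/}
        # Skip an unmatched glob and symlinks that may point outside the share.
        [ -d "$d" ] || continue
        [ -L "$d" ] && continue

        # Characters 8-10 of the ls mode string are the "other" bits,
        # which is what `setfacl -m o::---` clears.
        other=$(ls -ld "$d" | cut -c8-10)
        case $other in
            ---|--T) ;;   # no access (T = sticky bit without execute)
            *) printf '%s access:%s\n' "$d" "$other" ;;
        esac

        # The default ACL decides what new files inherit. It is only
        # visible through getfacl, so check it when the tool is present.
        if command -v getfacl >/dev/null 2>&1; then
            dflt=$(getfacl "$d" 2>/dev/null |
                   sed -n 's/^default:other::\(...\).*/\1/p')
            case $dflt in
                ''|---) ;;   # no default ACL set, or already closed
                *) printf '%s default:%s\n' "$d" "$dflt" ;;
            esac
        fi
    done
    return 0
}

# Run directly with the share path as the only argument.
if [ "$#" -gt 0 ]; then
    audit_homes "$1"
fi
```

Homes that are created automatically on a later SMB login have not had the setfacl step applied, so re-running the audit after new users log in catches them.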