On 06/03/2011 10:15 AM, Robert W. Smith wrote:

Thanks for responding. No luck with these changes. I just posted in another reply that if I change permissions of the directory /home/chemgroup/username from this:

drwxr-x---

to this:

drwxrwx---

the user username can write just fine via Samba.

Just to verify that file system ACLs are not in play, I show the following for that directory:

$ getfacl /home/chemgroup/username
getfacl: Removing leading '/' from absolute path names
# file: home/chemgroup/username
# owner: username
# group: chemgroup
user::rwx
group::r-x
other::---

So, nothing odd there. I welcome any suggestions.

Thanks.
John

> John,
>
> For the [chemgroup] share try
>
> [chemgroup]
> comment = Chemistry Group Share
> path = /home/chemgroup
> valid users = @chemgroup
> write list = @chemgroup
> browseable = no
> ;; writeable = yes
> ;; printable = no
> force group = @chemgroup ;; note your post left out the '@'-sign
> create mask = 0660
> directory mask = 0770
>
> and for the [homes] share try
>
> [homes]
> comment = Home Directories
> browseable = no
> ;; read only = no
> create mask = 0640
> directory mask = 0750
> ;; valid users = %S
> valid users = %U
> write list = %U
>
> I found that using %U works best so long as you don't have older Windows
> (e.g. Wfwg). Also specifying write list specifically gives 'username'
> write capabilities consistent with your security policy on the
> underlying volume.
>
> And, is /lab/chemgroup a local disk volume or a remote NFS volume? Doing
> a double mount SMB --> NFS --> Local Vol is not recommended owing to the
> way NFS itself handles permissions.
>
> Also I would recommend that you consider upgrading to the latest 3.5.X
> branch of Samba and consider enabling ACLs and extended User Attributes
> on the underlying volumes. Although adding POSIX ACLs does add
> complexity to the mix in the end you get a more secure environment and
> less Windows-to-Linux permission problems and confusion.
>
> Bob
> --bs
>
> On Thu, 2011-06-02 at 10:36 -0400, John Maher wrote:
> Hello,
>
> I cannot find anything in the documentation or mailing list that
> addresses this oddity.
>
> I've installed Samba Version 3.4.7 on Ubuntu Server 10.04, and I'm
> utterly confused by samba's behavior regarding permissions.
>
> Users on the server have home directories in /home/chemgroup/username.
> (chemgroup is actually a symlink to another volume mounted at
> /labs/chemgroup.) Permissions on /lab/chemgroup are:
>
> drwxrwx--- username chemgroup /labs/chemgroup
>
> Permissions on /lab/group/username are:
>
> drwxr-x--- username chemgroup /labs/chemgroup/username
>
> Clearly, username has rights to write to /home/chemgroup/username, and
> can do so just fine via ssh.
>
> The Samba share is configured as follows:
>
> [chemgroup]
> comment = Chemistry Group Share
> path = /home/chemgroup
> valid users = @chemgroup
> public = no
> browseable = no
> writeable = yes
> printable = no
> force group = chemgroup
> create mask = 0660
> directory mask = 0770
>
> Note, username is a member of chemgroup.
>
> username can connect to \\server\chemgroup and can create new files and
> directories there. And username can navigate to the username folder
> within chemgroup. BUT, here's where it gets weird . . . username can
> create a new file within the chemgroup\username folder, but they cannot
> even change the name of the file they just created. And they can't
> delete the file they just created (and couldn't rename).
>
> This same behavior is even presented with Home directories, with the
> homes section looking like this:
>
> [homes]
> comment = Home Directories
> browseable = no
> read only = no
> create mask = 0640
> directory mask = 0750
> valid users = %S
>
> Thank you for any help or guidance.
>
> John
>

-- 
* - - - - * - - - - * - - - - * - - - - * - - - - * - - - - * - - - - *
John Maher
Senior Systems and Network Administrator
Department of Biochemistry & Molecular Biology
and Department of Chemistry
University of Massachusetts - Amherst
voice: 413-577-3120
fax: 413-545-4490
OpenPGP Key ID: 0x2970A144
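
The two directory modes quoted in this thread, evaluated under POSIX permission-class rules. This is an added example, not part of the original messages, and the numeric uid/gid values are constructed because the thread gives only names. It shows which identities are affected by going from drwxr-x--- to drwxrwx---.

```python
"""Added example: POSIX permission classes for the directory modes in this thread."""

TRIAD = "rwxrwxrwx"

def parse_mode(ls_mode):
    """Turn an `ls -l` mode string such as 'drwxr-x---' into permission bits."""
    if len(ls_mode) != 10:
        raise ValueError("expected 10 characters, e.g. 'drwxr-x---'")
    bits = 0
    for i, ch in enumerate(ls_mode[1:]):
        if ch == TRIAD[i]:
            bits |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError(f"unsupported mode character {ch!r}")
    return bits

def dir_rights(ls_mode, owner_uid, group_gid, uid, gids):
    """Return (class, can_modify_entries) for a process with this uid and gid set.

    Exactly one class applies: owner first, then group, then other.
    Creating, renaming and deleting entries all need w and x on the directory.
    Root and ACL entries beyond the base ones are not modelled.
    """
    bits = parse_mode(ls_mode)
    if uid == owner_uid:
        cls, shift = "owner", 6
    elif group_gid in gids:
        cls, shift = "group", 3
    else:
        cls, shift = "other", 0
    triad = (bits >> shift) & 0o7
    return cls, (triad & 0o3) == 0o3

# Constructed numeric ids; the thread only gives the names.
USERNAME_UID, OTHER_MEMBER_UID, CHEMGROUP_GID = 1001, 1002, 2000

def compare():
    """Evaluate both modes from the thread for the owner and another group member."""
    out = {}
    for mode in ("drwxr-x---", "drwxrwx---"):
        for label, uid in (("username", USERNAME_UID),
                           ("other member", OTHER_MEMBER_UID)):
            out[(mode, label)] = dir_rights(
                mode, USERNAME_UID, CHEMGROUP_GID, uid, {CHEMGROUP_GID})
    return out

if __name__ == "__main__":
    for (mode, label), (cls, ok) in compare().items():
        print(f"{mode}  {label:13} class={cls:5} create/rename/delete: {ok}")
```

Under these rules the group write bit never affects the directory's owner, so when adding it changes the outcome, the effective uid and gid of the Samba session (shown by smbstatus) are worth comparing against the directory's owner and group.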
