----- Original Message -----
From: "Tom Pride" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 02, 2003 4:02 AM
Subject: [Samba] Changing ownership of a file or folder from within windows?

> Hi everyone,
>
> I have a Redhat 8 server running samba 2.2.8a and have configured samba
> to use winbind so that I can control access to the file shares using
> user and group accounts that have been set up in our windows NT domain.
> This all works fine on the shares I set up from within the smb.conf
> file. Windows 2000 users can access the shares just by logging into our
> domain. But what I would like to do is control user or group access to a
> file or a folder that has been created underneath one of the initial
> samba shares. For example: if I have a samba share called "temp" and I
> then access this share from a windows 2000 PC and create a new folder
> inside "temp" called "myfolder" can I then go to the properties of this
> new folder, click on the security tab and then add or remove users or
> groups from the NT domain that can have access to "myfolder". At the
> moment if I try to do this I can add users or groups from our domain and
> specify what access each should have ie: read only or full control, but
> when I click on the "OK" button to apply these changes I get an error
> saying "Unable to save permission changes on myfolder. Access is denied".
> Is this type of permission change possible and if so what am I doing
> wrong?
>
> Just as an aside, I have set samba up as a windows print server in the
> past using winbind and our NT domain accounts/groups for authentication
> and have been able to control access to the shared printers through the
> security tab no problems.
>
> Cheers
> Tom
>
> Below is a copy of my smb.conf file:
>
> # This is the main Samba configuration file. You should read the
> # smb.conf(5) manual page in order to understand the options listed
> # here. Samba has a huge number of configurable options (perhaps too
> # many!) most of which are not shown in this example
> #
> # Any line which starts with a ; (semi-colon) or a # (hash)
> # is a comment and is ignored. In this example we will use a #
> # for commentary and a ; for parts of the config file that you
> # may wish to enable
> #
> # NOTE: Whenever you modify this file you should run the command "testparm"
> # to check that you have not made any basic syntactic errors.
> #
> #======================= Global Settings =====================================
> [global]
>
> ##
> ## Basic Server Settings
> ##
>
> # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
>    workgroup = DPIWE
>
> # server string is the equivalent of the NT Description field
>    server string = sybil
>
> # This option is important for security. It allows you to restrict
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page
> ;   hosts allow = 192.168.1. 192.168.2.0/24 192.168.3.0/255.255.255.0 127.0.0.1
>
> # Uncomment this if you want a guest account, you must add this to /etc/passwd
> # otherwise the user "nobody" is used
> ;   guest account = pcguest
>
> # this tells Samba to use a separate log file for each machine
> # that connects
> #log file = /usr/local/samba/var/log.%m
>
> # How much information do you want to see in the logs?
> # default is only to log critical messages
>    log level = 2
>
> # Put a capping on the size of the log files (in Kb).
>    max log size = 50
>
> # Security mode. Most people will want user level security. See
> # security_level.txt for details.
>    security = domain
>
> # Using the following line enables you to customise your configuration
> # on a per machine basis. The %m gets replaced with the netbios name
> # of the machine that is connecting.
> # Note: Consider carefully the location in the configuration file of
> # this line. The included file is read at that point.
> ;   include = /usr/local/samba/lib/smb.conf.%m
>
> # Most people will find that this option gives better performance.
> # See speed.txt and the manual pages for details
> # You may want to add the following on a Linux system:
> # SO_RCVBUF=8192 SO_SNDBUF=8192
>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> # Configure Samba to use multiple interfaces
> # If you have multiple network interfaces and want to limit smbd will
> # use, list the ones desired here. Otherwise smbd & nmbd will bind to all
> # active interfaces on the system. See the man page for details.
> ;   interfaces = 192.168.12.2/24 192.168.13.2/24
>
> # Should smbd report that it has MS-DFS Capabilities? Only available
> # if --with-msdfs was passed to ./configure
> ;   host msdfs = yes
>
> ##
> ## Network Browsing
> ##
> # set local master to no if you don't want Samba to become a master
> # browser on your network. Otherwise the normal election rules apply
>    local master = no
>
> # OS Level determines the precedence of this server in master browser
> # elections. The default value (20) should be reasonable
> ;   os level = 20
>
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
> ;   domain master = yes
>
> # Preferred Master causes Samba to force a local browser election on startup
> # and gives it a slightly higher chance of winning the election
> ;   preferred master = yes
>
> ##
> ## WINS & Name Resolution
> ##
> # Windows Internet Name Serving Support Section:
> # WINS Support - Tells the NMBD component of Samba to enable its WINS Server
> ;   wins support = yes
>
> # WINS Server - Tells the NMBD components of Samba to be a WINS Client
> # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
>    wins server = 147.109.11.238
>
> # WINS Proxy - Tells Samba to answer name resolution queries on
> # behalf of a non WINS capable client, for this to work there must be
> # at least one WINS Server on the network. The default is NO.
> ;   wins proxy = yes
>
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> # via DNS nslookups.
>    dns proxy = no
>
> ##
> ## Passwords & Authentication
> ##
> # Use password server option only with security = server
> # The argument list may include:
> # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> # or to auto-locate the domain controller/s
>    password server = *
> ;   password server = <NT-Server-Name>
>
> # You may wish to use password encryption. Please read
> # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
> # Do not enable this option unless you have read those documents
>    encrypt passwords = yes
>
> # Should smbd obey the session and account lines in /etc/pam.d/samba ?
> # only available if --with-pam was used at compile time
> ;   obey pam restrictions = yes
>
> # When using encrypted passwords, Samba can synchronize the local
> # UNIX password as well. You will also need the "passwd chat" parameters
> ;   unix password sync = yes
>
> # how should smbd talk to the local system when changing a UNIX
> # password? See smb.conf(5) for details
> ;   passwd chat = <custom chat string>
>
> # This is only available if you compiled Samba to include --with-pam
> # Use PAM for changing the password
> ;   pam password change = yes
>
> ##
> ## Domain Control
> ##
> # Enable this if you want Samba act as a domain controller.
> # make sure you have read the Samba-PDC-HOWTO included in the documentation
> # before enabling this parameter
> ;   domain logons = yes
>
> # if you enable domain logons then you may want a per-machine or
> # per user logon script
> # run a specific logon batch file per workstation (machine)
> ;   logon script = %m.bat
> # run a specific logon batch file per username
> ;   logon script = %U.bat
>
> # Where to store roving profiles (only for Win95 and WinNT)
> # %L substitutes for this servers netbios name, %U is username
> # You must uncomment the [Profiles] share below
> ;   logon path = \\%L\Profiles\%U
>
> # UNC path specifying the network location of the user's home directory
> # only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients
> ;   logon home = \\%L\%U
>
> # What drive should the "logon home" be mounted at upon login ?
> # only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients
> ;   logon drive = H:
>
> ##
> ## Printing
> ##
>
> # If you want to automatically load your printer list rather
> # than setting them up individually then you'll need this
> ;   load printers = yes
>
> # you may wish to override the location of the printcap file
> ;   printcap name = /etc/printcap
>
> # on SystemV system setting printcap name to lpstat should allow
> # you to automatically obtain a printer list from the SystemV spool
> # system
> ;   printcap name = lpstat
>
> # It should not be necessary to specify the print system type unless
> # it is non-standard. Currently supported print systems include:
> # bsd, sysv, plp, lprng, aix, hpux, qnx
> ;   printing = bsd
>
> # Enable this to make Samba 2.2 behavior just like Samba 2.0
> # not recommended unless you are sure of what you are doing
> ;   disable spoolss = yes
>
> # list of users and groups which should be able to remotely manage
> # printer drivers installed on the server
> ;   printer admin = root, +ntadmin
>
> ##
> ## Winbind
> ##
>
> # specify the uid range which can be used by winbindd
> # to allocate uids for Windows users as necessary
>    winbind uid = 10000-20000
>
> # specify the gid range which can be used by winbindd
> # to allocate gids for Windows groups as necessary
>    winbind gid = 10000-20000
>
> # Define a home directory to be given to passwd(5) style entries
> # generated by libnss_winbind.so. You can use variables here
> ;   winbind template homedir = /home/%D/%U
>
> # Specify a shell for all winbind user entries returned by the
> # libnss_winbind.so library.
> ;   winbind template shell = /bin/sh
>
> # What character should be used to separate the DOMAIN and Username
> # for a Windows user. The default is DOMAIN\user, but many people
> # prefer DOMAIN+user
>    winbind separator = +
>
>    winbind enum users = yes
>    winbind enum groups = yes
>    winbind use default domain = yes
>
> # Winbind cache time sets the amount of time in seconds before it
> # the Primary Domain Controller again.
>    winbind cache time = 600
> #winbind cache time = 15
>
> # Veto the Apple specific files that a NetAtalk server
> # creates.
>    veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/.AppleDB/
>    delete veto files = yes
>
>    dos filetimes = yes
>
>    map archive = yes
>
> #============================ Share Definitions ==============================
>
> #[cit]
> #   comment = Test Directory
> #   path = /tmp
> #   public = no
> #   browseable = yes
> #   writable = yes
> #   valid users = @dpiwe+cit
>
> [Graphic Serv]
>    comment = Graphic Services
>    path = /data/sybil/Graphic_Services
>    public = no
>    writeable = yes
>    browseable = yes
>    valid users = @dpiwe+gsu, @dpiwe+gsu_mgmt, @dpiwe+cit
>    create mask = 0777
>    directory mask = 0777
>    force create mode = 0777
>    force directory mode = 0777
>
> [Photogram]
>    comment = Photogrammetry
>    path = /data/sybil/Photogrammetry
>    public = no
>    browseable = yes
>    read list = @dpiwe+tis, dpiwe+daustin, dpiwe+mnoonan, dpiwe+mgay, dpiwe+ssellers
>    write list = @dpiwe+gpr, @dpiwe+gpr_mgmt
>    create mask = 0777
>    directory mask = 0777
>    force create mode = 0777
>    force directory mode = 0777
>
> [Reprographic]
>    comment = Reprographics
>    path = /data/sybil/Reprographics
>    writeable = yes
>    public = no
>    browseable = yes
>    valid users = @dpiwe+gpr, @dpiwe+gpr_mgmt, @dpiwe+cit, dpiwe+gharrington
>    create mask = 0777
>    directory mask = 0777
>    force create mode = 0777
>    force directory mode = 0777
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba

Hi all,

maybe you have to use a POSIX ACL filesystem and compile Samba with ACL support to do this. This link may help you:
http://homex.subnet.at/~max/

Andrea Baldi - ZEN Sistemi srl - Italy
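
Added example (not part of the original thread, and not Samba code): a simplified model of why the reply points at POSIX ACLs. Plain UNIX mode bits have only three slots (owner, owning group, other), so any further user or group added in the Security tab has nowhere to be stored without a POSIX ACL entry. The owner name tpride is hypothetical; the group names gsu and cit are taken from the smb.conf quoted above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    kind: str   # "user", "group" or "everyone"
    name: str   # account name as the server sees it; "" for everyone
    perms: str  # POSIX-style triple such as "rwx" or "r-x"


def triple_to_digit(perms):
    """Convert a triple like 'r-x' to its octal digit (5)."""
    return sum(v for ch, v in zip(perms, (4, 2, 1)) if ch != "-")


def split_acl(aces, owner, group):
    """Split a requested permission list into (mode, extras).

    mode   -- what the three classic mode-bit slots can hold
    extras -- entries that fit no slot and need a POSIX ACL
    """
    slots = {"owner": "---", "group": "---", "other": "---"}
    extras = []
    for ace in aces:
        if ace.kind == "user" and ace.name == owner:
            slots["owner"] = ace.perms
        elif ace.kind == "group" and ace.name == group:
            slots["group"] = ace.perms
        elif ace.kind == "everyone":
            slots["other"] = ace.perms
        else:
            extras.append(ace)  # no slot left in plain mode bits
    mode = "".join(str(triple_to_digit(slots[k]))
                   for k in ("owner", "group", "other"))
    return mode, extras


def setfacl_spec(extras):
    """Render the extra entries in the form setfacl -m accepts."""
    return ",".join(f"{a.kind}:{a.name}:{a.perms}" for a in extras)


# Constructed request: "myfolder" owned by tpride:gsu, with read-only
# access for the cit group added from the Security tab.
REQUESTED = [
    Ace("user", "tpride", "rwx"),
    Ace("group", "gsu", "rwx"),
    Ace("group", "cit", "r-x"),
    Ace("everyone", "", "---"),
]

if __name__ == "__main__":
    mode, extras = split_acl(REQUESTED, owner="tpride", group="gsu")
    print("mode bits can store:", mode)
    print("needs POSIX ACL entries:", setfacl_spec(extras) or "none")
```

On a filesystem with ACL support the extra entry corresponds to `setfacl -m group:cit:r-x myfolder`; without that support there is nowhere to store it.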
