Hi All, I've built Samba v2.2.8a on a RedHat 7.2 system and it seems to work ok. However I cannot understand the "read only" parameter in the following situation:
smb.conf file: ------------------- [global] security=user encrypt passwords=yes [foo] path=/tmp/foo read only=yes The owner&mode of /tmp/foo is: ------------------------------------------ % ls -ld /tmp/foo drwx-r-xr-x 3 joe joe 1024 Sep 23 13:52 /tmp/foo I've setup a smbpasswd file containing users "joe" and "sue", both with passwords. I can connect to \\mymachine\foo as "joe" or "sue" ok from my Windows 2000 PC. I connect it to drive K: and can see all the files in /tmp/foo. However: -when connected via samba as "joe" I can successfully paste files into /tmp/foo. (not expected) -when connected via samba as "sue" I cannot paste files into /tmp/foo. (expected) It appears the UNIX file permissions are overriding the Samba configuration. I thought Samba worked the other way around but without allowing more rights than the UNIX permissions provide. In other words, why does "joe" have write access to a samba service defined as "read only" in the samba configuration? I also checked the "Properties/Security" of the share from my Windows 2000 PC and it says: Allow Joe Full Control Allow Everyone Read & Execute If this is how it is supposed to work then life gets difficult in the following circumstance: If I have a directory I want to make mountable from Samba as read only, I need to be careful and check all directory and file permissions to ensure no one connecting via Samba will have a UNIX write permission that overrides the Samba setting of "read only". Is this correct behavior for Samba? Is there a way to make a service truely read only no matter who is connected and who ownes the files? I also discovered that if sue's group matches the group ownership of /tmp/foo, then sue has write access IF /tmp/foo is group writeable. Thanks in advance. Samba set up quickly and seems to work great, except for this little bit of strangeness. -Jim ---------------------------------------------------- James E. Sullivan | Northrop Grumman IT Building 12B | on site at: NIH/CIT/DCSS/SOSB Room 2N207 | Phone:301-451-6372 Bethesda, MD 20892 | Email:[EMAIL PROTECTED] ----------------------------------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba