On Tue, 2005-02-22 at 09:17 -0500, Josh Kelley wrote: > I tried using the fake_perms module to set up some read-only profiles > and couldn't get it to work. Could someone please point out what I'm > doing wrong? > > I created a copy of my regular [profiles] share with the fake_perms > module loaded: > [staticprofiles] > path = /staticprofiles > invalid users = root > browseable = yes > csc policy = disable > veto oplock files = /prf*.tmp/ > vfs object = fake_perms > > I created the staticprofiles directory and a subdirectory for the > account named "alumni": > mkdir /staticprofiles > mkdir /staticprofiles/alumni > chown alumni:users /staticprofiles/alumni
No, the chown should be root:root > I set the alumni account to use the staticprofiles share instead of the > profiles share that everyone else uses: > pdbedit -u alumni -p '\\myserver\staticprofiles' > > It's my understanding that under this setup, the alumni account would be > unable to write to \\myserver\staticprofiles\alumni via Samba but that > it wouldn't get any errors when it tries to write. But that's not what > happens. If the alumni account has write permissions to the > /staticprofiles/alumni directory, then it can write to it via Samba. If > it doesn't have permissions, then it gets an access denied error when it > tries to write. > > Am I doing something wrong? Or do I misunderstand what fake_perms is > supposed to do? The profile is intended to be read-only, and the ntuser.dat should be renamed ntuser.man to give the client the hint. This ensures the client doesn't try to write back, and the real FS permissions ensures that they can't. The thing being faked is the copied permissions that the client uses on the client NTFS filesystem. If the permissions were read-only to the user, the profile copy would fail (write into read-only dir). fake_perms actually shares much of it's behaviour with 'profile acls = yes', and I probably should have just fixed that behaviour, but anyway... Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
