[Samba] File permissions
Hi, I recently rebuilt my Domain controller and after working on it it seems that file permissions with the new Samba file server are not the same, and I'm wondering if this is expected. If I do this in smb.conf: server services = +smb -dns -s3fs dcerpc endpoint servers = +winreg +srvsvc Then when a windows users creates a file using samba on my server then the files are created using that users, uid. If I remove those lines (excep the -dns) when the windows users create the file it is created with a uid of 30: middleearth:/home/samba/public$ ls -l total 503608 ... drwxr-sr-x 2 dumaresq users 4096 Dec 8 11:47 New folder drwxrwsrwx+ 2 300 users 4096 Dec 8 11:55 New folder (2) ... The first file was created with server services = +smb -dns -s3fs dcerpc endpoint servers = +winreg +srvsvc with just -dns. I am wondering if this is expected, is the new way to create a file that nobody owns and then change the ACLs so the correct people have access, or is something wrong with my setup? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions 0070 with Office 2010 after saving
I solved that by playing around with the oplocks [global] kernel oplocks = no oplocks = no level2 oplocks = no Shares: veto oplock files = /*.doc/*.docx/*.xls/*.xlsx/*.pptx/*.ppsx/*.ppt/*.pps Then it was working again with 7 and samba 3.6.0 - but yes it was no problem with 3.5.11 and 7 regards Martin I think this is a recurrence of an old bug. Running Samba 3.5.4 with CTDB on GPFS 3.4.0.6 with the vfs_gpfs module using CentOS 5.6. It is a vanilla CentOS RPM's with the vfs_gpfs module a self compiled add on. Running with NFSv4 ACL's. Basically what happens is when a user saves a file in Office 2010 (no Office 2007 to test with) with Windows 7 on the Unix side the permissions on the file get set to 0070 and all hell breaks loose. Some references on very similar issues in the past https://bugzilla.redhat.com/show_bug.cgi?id=462069 http://forums.novell.com/suse/suse-product-discussion-forums/suse-linux-enterprise/suse-linux-enterprise-server-sles/sles-networking/383114-office-2007-samba-acl-problems-owner-read-only.html The only difference is that we get 0070 permissions now instead of 0470. It only seems to effect files saved with Office 2010. JAB. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] File permissions 0070 with Office 2010 after saving
I think this is a recurrence of an old bug. Running Samba 3.5.4 with CTDB on GPFS 3.4.0.6 with the vfs_gpfs module using CentOS 5.6. It is a vanilla CentOS RPM's with the vfs_gpfs module a self compiled add on. Running with NFSv4 ACL's. Basically what happens is when a user saves a file in Office 2010 (no Office 2007 to test with) with Windows 7 on the Unix side the permissions on the file get set to 0070 and all hell breaks loose. Some references on very similar issues in the past https://bugzilla.redhat.com/show_bug.cgi?id=462069 http://forums.novell.com/suse/suse-product-discussion-forums/suse-linux-enterprise/suse-linux-enterprise-server-sles/sles-networking/383114-office-2007-samba-acl-problems-owner-read-only.html The only difference is that we get 0070 permissions now instead of 0470. It only seems to effect files saved with Office 2010. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions confusion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/20/2011 09:42 AM, TAKAHASHI Motonobu wrote: >>> Is there a way to have the actual, real, local permissions shown to >>> remote hosts? > > No, CIFS essentially do not have the semantics of "permission". > Because it is natively used to share Windows file system, which does > not have the semantics. > > The permissions of mounted shares are created by client CIFS module > internally and vanished when umounted. > > This is not the limitation of Samba or CIFS module but of CIFS > protocol. > > Use NFS instead. > Thank you. - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2vr6EACgkQzTcr8Prq0ZOs7wCdHMqTwZcX5JhNrkhe+q0IIlAs 99IAnAxChWslO3rFLUb+0W5xsbocQpjX =fJub -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions confusion
From: James Moe Date: Wed, 20 Apr 2011 09:21:04 -0700 > > samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3 > > > > I do not understand why the file permissions of mounted shares are > > different when the share is viewed locally and when viewed remotely. > > > > [...] > > Is there a way to have the actual, real, local permissions shown to > > remote hosts? No, CIFS essentially do not have the semantics of "permission". Because it is natively used to share Windows file system, which does not have the semantics. The permissions of mounted shares are created by client CIFS module internally and vanished when umounted. This is not the limitation of Samba or CIFS module but of CIFS protocol. Use NFS instead. --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions confusion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/11/2011 01:13 PM, James Moe wrote: > Hello, > samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3 > > I do not understand why the file permissions of mounted shares are > different when the share is viewed locally and when viewed remotely. > > [...] > Is there a way to have the actual, real, local permissions shown to > remote hosts? > And to have the ability to change the permissions remotely? > No one?!? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2vB/AACgkQzTcr8Prq0ZN7wwCfcTq0AYxjzHmuyethR+sThwPA yx8AoI6f5XhalQRnMtR8ZkOZpvJ7iss8 =LZng -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions confusion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/11/2011 01:13 PM, James Moe wrote: > samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3 > > I do not understand why the file permissions of mounted shares are > different when the share is viewed locally and when viewed remotely. > [...] > Is there a way to have the actual, real, local permissions shown to > remote hosts? > And to have the ability to change the permissions remotely? > Either this is profoundly obvious or very obscure. :-( Can anyone recommend resources that discuss this issue? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2l4OcACgkQzTcr8Prq0ZPawgCgsJqhPWnEJeq2u5b6zGLIgXEH M4YAoIpRx1pC9N0Eagxoy1vInUhR3Amj =4Vzf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] File permissions confusion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3 I do not understand why the file permissions of mounted shares are different when the share is viewed locally and when viewed remotely. When I initially created a share, for instance with "//sma-nas-01/photos/v cifs credentials=/home/sma-user4/.smb/.smbpw,uid=jmoe,gid=users" in , a long directory listing (ls -l) show ALL permissions as "775", regardless of the actual permissions as displayed locally. This was not good, showing everything as executable. I then added "file_mode=0664,dir_mode=0775" to the mount options and got reasonable settings for the permissions. They, however, are not the true settings. Again samba has masked over reality. Using "chmod" to alter the file permissions does not work. The action is simply ignored. Is there a way to have the actual, real, local permissions shown to remote hosts? And to have the ability to change the permissions remotely? - -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2jYNYACgkQzTcr8Prq0ZMDbACfRIOQTy0Gt3erz+ZeGiHpjbag XeIAnA3yvV4RFVx01ZSIkXLKDOiSUV+t =J5BS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File Permissions 770 vs 760
Fred Legace wrote: I am running Ubuntu 10.04 LTS Server. My problem is if I use "create mode = 770", WinXP users can only manage a 760 permission setting. That will not allow someone else in the group to set the file to readonly Well, I just checked a couple of recently created files from a WinXP client machine on our Ubuntu 10.04 LTS server. Quite dismayed at what I find! First off, this is our share: [data] comment = Shared Application Data Files path = /srv/shares/data guest ok = no read only = no create mask = 0666 directory mask = 0777 Wide open public dumping ground for data files! ;-) New directory, no surprises: drwxrwxrwx+ 2 mdlueck mdlueck4096 2010-12-30 09:14 2010 New files, however... -rwxrwxrwx+ 1 klueck klueck 226247 2010-12-30 15:16 -rw-rwxrw-+ 1 klueck klueck 379849 2010-12-30 15:16 No idea why ACL's are getting on the files. No idea why new files end up totally / partially executable. GREAT! :-( -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] File Permissions 770 vs 760
I hope I did not miss something obvious, but I am having some file permission issues. I am running Ubuntu 10.04 LTS Server. I have some directories served up by Samba. I force a group name to be used for all files created on these directories to which all users belong. In one directory I need to force users to save files with 770 permission for draft documents so that other users can work on them When finally ready to publish the document, one of the users will save a copy with the permissions set to 550 to maintain an archive of the file at that point in time. My problem is if I use "create mode = 770", WinXP users can only manage a 760 permission setting,. That will not allow someone else in the group to set the file to readonly from WinXP though. If I use "force create mode = 770" I cannot set the file to readonly from the WinXP client as it will always be forced to be editable. Any suggestions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions getting destroyed with M$ software on ZFS
Hi, Thanks for your input. B.t.w., I use security = ADS I tried hundreds of combinations of configurations and options, but it just won't work. It works rather ok if you limit it to the Unix permissions ( plain user and group permissions ) , but as soon as you try to put an ace referring to an AD group, it totally looses track. example 1: root# ls -l /pool2/gisdata drwxrwx---+ 4 ackerra gis4 Oct 5 10:58 d1 drwxrwx--- 3 ackerra gis3 Oct 5 12:01 d2 drwxrwxr-x 2 regio-gis10 gis2 Oct 5 11:55 d3 root # ls -lvd /pool2/gisdata/d1 drwxrwx---+ 4 ackerra gis4 Oct 5 10:58 d1 0:group:regio-users:list_directory/read_data/read_xattr/execute /read_attributes/read_acl:allow 1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory /append_data/write_xattr/execute/write_attributes/write_acl /write_owner/synchronize:file_inherit/dir_inherit:allow 2:group@:list_directory/read_data/add_file/write_data/add_subdirectory /append_data/execute/synchronize:file_inherit/dir_inherit:allow 3:group:regio-users:list_directory/read_data/read_xattr/execute /read_attributes/read_acl/synchronize:file_inherit/dir_inherit :allow I mount the share (/pool2/gisdata) on a XP workstation, being AD user 'regio-gis10', memeber of AD group 'regio-users' , having no unix account. In Windows explorer, I can see d2 and d3, but not d1 example 2: root # ls -lvd /pool2/gisdata/d2 drwxrwx--- 3 ackerra gis3 Oct 5 12:01 d2 0:owner@::deny 1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory /append_data/write_xattr/execute/write_attributes/write_acl /write_owner:allow 2:group@::deny 3:group@:list_directory/read_data/add_file/write_data/add_subdirectory /append_data/execute:allow 4:everyone@:list_directory/read_data/add_file/write_data /add_subdirectory/append_data/write_xattr/execute/write_attributes /write_acl/write_owner:deny 5:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow One would think that an arbitrary AD user ( regio-gis10 in this case ) does not have access on the directory d2, no ? Well, it is not the case ... via samba I could create a directory dx in d2, being the AD user 'regio-gis10'. root # ls -l /pool2/gisdata/d2 total 3 drwxrwx--- 2 regio-gis10 gis2 Oct 5 12:01 dx So sometimes I get extra permissions, sometimes I get too few permissions, but it is never right ... wbinfo, net ads and getent commands all work perfectly, and give the accurate info though. smb.conf : [gisdata] path = /pool2/gisdata #admin users = ackerra force group = gis read only = no create mask = 0660 directory mask = 0770 force unknown acl user = yes acl check permissions = no inherit permissions = yes inherit acls = yes #map acl inherit = yes store dos attributes = yes easupport = yes map read only = no map archive = no map hidden = no map system = no vfs objects = zfsacl nfs4:acedup = merge nfs4:mode = special zfsacl: aceorder = dontcare samba version is solaris bundled version 3.0.35 rgrds, -- View this message in context: http://samba.2283325.n4.nabble.com/File-permissions-getting-destroyed-with-M-software-on-ZFS-tp2915766p2955872.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions getting destroyed with M$ software on ZFS
I had a lot of problems with this as well.I found it hard to find much documentation on the zfs module in samba from either samba or sun. (PS- A big thumbs down to Sun and the OpenSolaris crowd for apparently abandoning samba.) I am running Samba 3.0.x from Sun on two servers and samba 3.4.x compiled from source on the third. I eventually opened a support case with Sun which did help (somewhat.) Did you check the permissions of the parent directory? There may be an inheritance issue. Usually the following worked for me: chmod -R A- thedirectory chmod -R A=owner@:rwxpdDaARWcCos:allow ?thedirectory chmod -R A+group@:rwxpdDaARWcCos:allow ?thedirectory My share defintions looks like the following (the nfs4 and zfsacl options were recommended by sun tech support.) vfs objects = zfsacl inherit permissions = Yes inherit acls = Yes nfs4:acedup = merge nfs4:chown = yes nfs4: mode = special mapread only = no ea support = yes store dos attributes = yes create mask = 0770 force create mode = 0600 directory mask = 0775 force directory mode = 0600 zfsacl: acesort = dontcare PS. Are your samba shares on top of autofs shares? If so, you may also need to do the following. # chmod A+user:nobody:aRc:allow thedirectory So far it seems to work OK. On 10/04/2010 06:06 AM, RegioGis wrote: Hi, I see you use samba with zfs. But how on earth do you prevent the 'deny' aces from being the first in the ACL, and thus denying all access to the resource ? I'm able to add permissions via the MS UI ( I added an AD group 'regio-users' ) When I then create a file or folder via Samba, I get this on the Solaris box : root # ll -V db1.mdb -rw-rw+ 1 ackerra gis98304 Oct 4 11:49 db1.mdb group:regio-users:--x---:--:deny group:regio-users:r-x---a-Rs:--:allow owner@:--x---:--:deny owner@:rw-p---A-W-Co-:--:allow group@:--x---:--:deny group@:rw-p--:--:allow everyone@:rwxp---A-W-Co-:--:deny everyone@:--a-R-c--s:--:allow Thus denying all access to 'regio-users' How do you solve this ?( I defined the share exactly as you specified ) Rgrds, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions getting destroyed with M$ software on ZFS
Hi, I see you use samba with zfs. But how on earth do you prevent the 'deny' aces from being the first in the ACL, and thus denying all access to the resource ? I'm able to add permissions via the MS UI ( I added an AD group 'regio-users' ) When I then create a file or folder via Samba, I get this on the Solaris box : root # ll -V db1.mdb -rw-rw+ 1 ackerra gis98304 Oct 4 11:49 db1.mdb group:regio-users:--x---:--:deny group:regio-users:r-x---a-Rs:--:allow owner@:--x---:--:deny owner@:rw-p---A-W-Co-:--:allow group@:--x---:--:deny group@:rw-p--:--:allow everyone@:rwxp---A-W-Co-:--:deny everyone@:--a-R-c--s:--:allow Thus denying all access to 'regio-users' How do you solve this ?( I defined the share exactly as you specified ) Rgrds, -- View this message in context: http://samba.2283325.n4.nabble.com/File-permissions-getting-destroyed-with-M-software-on-ZFS-tp2915766p2954071.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions getting destroyed with M$ software on ZFS
Please ignore previous message. I messed up some testing results I'm trying to clear out things straight first. -- View this message in context: http://samba.2283325.n4.nabble.com/File-permissions-getting-destroyed-with-M-software-on-ZFS-tp2915766p2954213.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions getting destroyed with M$ software on ZFS
Well, I think I got it fixed, but not sure if it is the correct way. This is what my share ens looks like now: [ens] comment = ENS Groups path = /XKA2/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 force create mode = 0770 security mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes nt acl support = No map archive = No map readonly = permissions store dos attributes = Yes vfs objects = zfsacl nfs4:acedup = merge nfs4:mode = special I changed "nt acl support" to No. On 10/1/10 8:15 AM, CJ Keist wrote: All, Running Samba 3.5.4 on Solaris 10 with ZFS file system. I have issues where we have shared group folders. In these folders a userA in GroupA create file just fine with the correct inherited permissions 660. Problem is when userB in GroupA reads and modifies that file, with M$ office apps, the permissions get whacked to 060+ and the file becomes read only by everyone. I did google this and found exactly someone else with the same problem with a fix! But the fix is not working for me, so looking for some more help and incite to this problem. The following are the two URLs I found which looked like a fix to my problem: http://lists.samba.org/archive/samba/2008-November/145094.html https://bugzilla.samba.org/show_bug.cgi?id=6050 I have implemented those settings, but I still see the problem of the file permissions getting whacked. Here is my conf file: [global] workgroup = ENGR_DOM server string = Samba Server interfaces = e1000g0, lo0 bind interfaces only = Yes security = DOMAIN passdb backend = smbpasswd client NTLMv2 auth = Yes map untrusted to domain = Yes log level = 1 log file = /var/log/samba/logs/log.%m name resolve order = host bcast unix extensions = No max open files = 1 load printers = No domain master = No dns proxy = No lock spin time = 3 veto oplock files = /*.doc/*.DOC/*.docx/*.DOCX/*.xlsx/*.XLSX/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.dwg/*.DWG/*.cdr/*.CDR/ strict locking = No [homes] comment = Home Directories read only = No create mask = 0640 directory mask = 0751 force directory mode = 0751 directory security mask = 0750 inherit permissions = Yes inherit owner = Yes browseable = No level2 oplocks = No vfs objects = zfsacl nfs4:acedup = merge nfs4:mode = special [ens] comment = ENS Groups path = /XKA2/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes map archive = No map readonly = permissions vfs objects = zfsacl nfs4:acedup = merge nfs4:mode = special The issue is in the ENS share. I also have the ZFS file system aclmode and aclinherit set to passthrough, see output of zfs get all: kame % zfs get all fsdata/admin/ENS NAME PROPERTY VALUE SOURCE fsdata/admin/ENS type filesystem - fsdata/admin/ENS creation Mon Mar 15 14:47 2010 - fsdata/admin/ENS used 73.6G - fsdata/admin/ENS available 9.35T - fsdata/admin/ENS referenced73.6G - fsdata/admin/ENS compressratio 1.15x - fsdata/admin/ENS mounted yes- fsdata/admin/ENS quota none default fsdata/admin/ENS reservation none default fsdata/admin/ENS recordsize64K inherited from fsdata/admin fsdata/admin/ENS mountpoint/XKA2/admin/ENS inherited from fsdata fsdata/admin/ENS sharenfs rw,anon=0 inherited from fsdata/admin fsdata/admin/ENS checksum on default fsdata/admin/ENS compression on inherited from fsdata fsdata/admin/ENS atime off inherited from fsdata fsdata/admin/ENS devices on default fsdata/admin/ENS exec on default fsdata/admin/ENS setuidon default fsdata/admin/ENS readonly offdefault fsdata/admin/ENS zoned offdefault fsdata/admin/ENS snapdir hidden default fsdata/admin/ENS aclmode passthrough inherited from fsdata/admin fsdata/admin/ENS aclinheritpassthrough inherited from fsdata/admin fsdata/admin/ENS canmount on default fsdata/admin/ENS shareiscsi
[Samba] File permissions getting destroyed with M$ software on ZFS
All, Running Samba 3.5.4 on Solaris 10 with ZFS file system. I have issues where we have shared group folders. In these folders a userA in GroupA create file just fine with the correct inherited permissions 660. Problem is when userB in GroupA reads and modifies that file, with M$ office apps, the permissions get whacked to 060+ and the file becomes read only by everyone. I did google this and found exactly someone else with the same problem with a fix! But the fix is not working for me, so looking for some more help and incite to this problem. The following are the two URLs I found which looked like a fix to my problem: http://lists.samba.org/archive/samba/2008-November/145094.html https://bugzilla.samba.org/show_bug.cgi?id=6050 I have implemented those settings, but I still see the problem of the file permissions getting whacked. Here is my conf file: [global] workgroup = ENGR_DOM server string = Samba Server interfaces = e1000g0, lo0 bind interfaces only = Yes security = DOMAIN passdb backend = smbpasswd client NTLMv2 auth = Yes map untrusted to domain = Yes log level = 1 log file = /var/log/samba/logs/log.%m name resolve order = host bcast unix extensions = No max open files = 1 load printers = No domain master = No dns proxy = No lock spin time = 3 veto oplock files = /*.doc/*.DOC/*.docx/*.DOCX/*.xlsx/*.XLSX/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.dwg/*.DWG/*.cdr/*.CDR/ strict locking = No [homes] comment = Home Directories read only = No create mask = 0640 directory mask = 0751 force directory mode = 0751 directory security mask = 0750 inherit permissions = Yes inherit owner = Yes browseable = No level2 oplocks = No vfs objects = zfsacl nfs4:acedup = merge nfs4:mode = special [ens] comment = ENS Groups path = /XKA2/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes map archive = No map readonly = permissions vfs objects = zfsacl nfs4:acedup = merge nfs4:mode = special The issue is in the ENS share. I also have the ZFS file system aclmode and aclinherit set to passthrough, see output of zfs get all: kame % zfs get all fsdata/admin/ENS NAME PROPERTY VALUE SOURCE fsdata/admin/ENS type filesystem - fsdata/admin/ENS creation Mon Mar 15 14:47 2010 - fsdata/admin/ENS used 73.6G - fsdata/admin/ENS available 9.35T - fsdata/admin/ENS referenced73.6G - fsdata/admin/ENS compressratio 1.15x - fsdata/admin/ENS mounted yes- fsdata/admin/ENS quota none default fsdata/admin/ENS reservation none default fsdata/admin/ENS recordsize64Kinherited from fsdata/admin fsdata/admin/ENS mountpoint/XKA2/admin/ENSinherited from fsdata fsdata/admin/ENS sharenfs rw,anon=0 inherited from fsdata/admin fsdata/admin/ENS checksum on default fsdata/admin/ENS compression on inherited from fsdata fsdata/admin/ENS atime offinherited from fsdata fsdata/admin/ENS devices on default fsdata/admin/ENS exec on default fsdata/admin/ENS setuidon default fsdata/admin/ENS readonly offdefault fsdata/admin/ENS zoned offdefault fsdata/admin/ENS snapdir hidden default fsdata/admin/ENS aclmode passthroughinherited from fsdata/admin fsdata/admin/ENS aclinheritpassthroughinherited from fsdata/admin fsdata/admin/ENS canmount on default fsdata/admin/ENS shareiscsioffdefault fsdata/admin/ENS xattr on default fsdata/admin/ENS copies1 default fsdata/admin/ENS version 4 - fsdata/admin/ENS utf8only off- fsdata/admin/ENS normalization none - fsdata/admin/ENS casesensitivity sensitive - fsdata/admin/ENS vscan offdefault fsdata/admin/ENS nbmandoffdefault fsdata/admin/ENS sharesmb offdefault fsdata/admi
Re: [Samba] File permissions
On Donnerstag, 3. Juni 2010 wrote Steve Wolfe: > Samba 3.4.7-58.fc12, windows 7 client. > > I have a share where, if I right-click and chose "properties", > everything shows up as "read only". I can un-check that, hit apply, > and if I view the properties again, they are read only. > > Interestingly enough, I can go in and create files, modify files, > rename files, delete files, etc.. However, some of the users' > software checks for read-only status, and is throwing errors. > > Here's the smb.conf section: > > [Apps] > path=/home/apps > force user=appsuser > force group=appsuser > read only=no > writeable=yes > oplocks = False > level2 oplocks = False > > Directory looks like this: > > drwxrwxr-x 94 appsuser appsuser 20K 2010-06-02 14:32 apps > > Files inside of it have permissions similar to these: > > -rwxr-xr-x1 appsuser appsuser 424K 2009-10-01 15:54 AAUTOLN.DLL > -rwxr-xr-x1 appsuser appsuser 894 2008-07-23 08:37 > Accounting.HSICTB > > Any clues? Windows is a little bit different; you should never use usergroups. Setting up a user appsuser and a group appsuser is not supported by Windows Server products and not supported by Samba Servers. -- regards Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions
It's not installed. I logged on as a domain administrator and unchecked the "read only", now it still appears on directories, but NOT on individual files. The software now succeeds. I'd still like to fix the issue if possible, but if not... employees are able to work. :-D On Wed, Jun 2, 2010 at 4:25 PM, Jorge Alberto Garcia < jorge.garcia.gonza...@gmail.com> wrote: > Hi Steve, > > Do you have installed the "acl" ? also check if filesystem below have > the option "acl" enabled. > > > Saludos! > > 2010/6/3 Steve Wolfe > >> Samba 3.4.7-58.fc12, windows 7 client. >> >> I have a share where, if I right-click and chose "properties", everything >> shows up as "read only". I can un-check that, hit apply, and if I view >> the >> properties again, they are read only. >> >> Interestingly enough, I can go in and create files, modify files, rename >> files, delete files, etc.. However, some of the users' software checks >> for >> read-only status, and is throwing errors. >> >> Here's the smb.conf section: >> >> [Apps] >>path=/home/apps >>force user=appsuser >>force group=appsuser >>read only=no >>writeable=yes >>oplocks = False >>level2 oplocks = False >> >> Directory looks like this: >> >> drwxrwxr-x 94 appsuser appsuser 20K 2010-06-02 14:32 apps >> >> Files inside of it have permissions similar to these: >> >> -rwxr-xr-x1 appsuser appsuser 424K 2009-10-01 15:54 AAUTOLN.DLL >> -rwxr-xr-x1 appsuser appsuser 894 2008-07-23 08:37 Accounting.HSICTB >> >> Any clues? >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions
Hi Steve, Do you have installed the "acl" ? also check if filesystem below have the option "acl" enabled. Saludos! 2010/6/3 Steve Wolfe > Samba 3.4.7-58.fc12, windows 7 client. > > I have a share where, if I right-click and chose "properties", everything > shows up as "read only". I can un-check that, hit apply, and if I view the > properties again, they are read only. > > Interestingly enough, I can go in and create files, modify files, rename > files, delete files, etc.. However, some of the users' software checks for > read-only status, and is throwing errors. > > Here's the smb.conf section: > > [Apps] >path=/home/apps >force user=appsuser >force group=appsuser >read only=no >writeable=yes >oplocks = False >level2 oplocks = False > > Directory looks like this: > > drwxrwxr-x 94 appsuser appsuser 20K 2010-06-02 14:32 apps > > Files inside of it have permissions similar to these: > > -rwxr-xr-x1 appsuser appsuser 424K 2009-10-01 15:54 AAUTOLN.DLL > -rwxr-xr-x1 appsuser appsuser 894 2008-07-23 08:37 Accounting.HSICTB > > Any clues? > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] File permissions
Samba 3.4.7-58.fc12, windows 7 client. I have a share where, if I right-click and chose "properties", everything shows up as "read only". I can un-check that, hit apply, and if I view the properties again, they are read only. Interestingly enough, I can go in and create files, modify files, rename files, delete files, etc.. However, some of the users' software checks for read-only status, and is throwing errors. Here's the smb.conf section: [Apps] path=/home/apps force user=appsuser force group=appsuser read only=no writeable=yes oplocks = False level2 oplocks = False Directory looks like this: drwxrwxr-x 94 appsuser appsuser 20K 2010-06-02 14:32 apps Files inside of it have permissions similar to these: -rwxr-xr-x1 appsuser appsuser 424K 2009-10-01 15:54 AAUTOLN.DLL -rwxr-xr-x1 appsuser appsuser 894 2008-07-23 08:37 Accounting.HSICTB Any clues? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions
On Mon, Jan 19, 2009 at 3:29 PM, Daniel L. Miller wrote: > John H Terpstra wrote: >> >> On Sunday 18 January 2009 18:38:25 Daniel L. Miller wrote: >> >>> >>> Is it possible to define file rights, such that - >>> >>> The file is owned by root, with full privleges on the Linux server. >>> The file is shared by a group "users". >>> The shared file should be available for read and write access. >>> >>> That part's easy - but now >>> >>> Deny delete, overwrite, or rename access to this file. Is this possible? >>> -- >>> Daniel >>> >> >> Please explain how a user can have write access to a file but not >> overwrite access? >> The ability to write implies the ability to change the name as well as the >> contents of a file. >> Can you provide a clear description of what you really wish to achieve? >> >> - John T. >> > > Oh - you want me to tell you want I want to do, so you can tell me the right > way how - instead of helping with the wrong way to do it? Geez... > If you allow writing to a file there is no way to prevent overwriting the file with anything. I believe preventing renaming, and deleting are possible if you restrict the posix permissions so that writes on the folder are not permitted by the users. rename and a delete are write operations on the folder not the file. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions
On Monday 19 January 2009 14:29:16 Daniel L. Miller wrote: > John H Terpstra wrote: > > On Sunday 18 January 2009 18:38:25 Daniel L. Miller wrote: > >> Is it possible to define file rights, such that - > >> > >> The file is owned by root, with full privleges on the Linux server. > >> The file is shared by a group "users". > >> The shared file should be available for read and write access. > >> > >> That part's easy - but now > >> > >> Deny delete, overwrite, or rename access to this file. Is this > >> possible? -- > >> Daniel > > > > Please explain how a user can have write access to a file but not > > overwrite access? > > > > The ability to write implies the ability to change the name as well as > > the contents of a file. > > > > Can you provide a clear description of what you really wish to achieve? > > > > - John T. > > Oh - you want me to tell you want I want to do, so you can tell me the > right way how - instead of helping with the wrong way to do it? Geez... Nice try. I'm only trying to help you. If a user has write access then the file can be overwritten or renamed. There is no getting around that. > Ok, since you insist. I'm trying to accommodate Quickbooks (Enterprise > Edition). Users need to be able to open the file for read & write > access or Quickbooks complains. However, I don't want the clients to be > able to destroy the file (outside of Quickbooks). So I need to allow > read/write via Samba - but I want to protect the file as much as possible. If I understand correctly Quickbooks is accessing the files over the Samba share. Correct? If so, then the file must be writable. Is it necessary for users to update the files within Quickbooks? I presume the answer is: Yes! If yes, this means the file must actually be writable - there is no escape from this need. Right? If not, then you can use the VFS module 'readonly' to fake read-write but actually not allow writing to the share. > I have the UNIX file owned by root (which the QB SQL server runs as). > The UNIX group ownership is the windows users. Setting the UNIX group > privileges to read only results in QB errors. So I don't see how to > protect it just using UNIX privileges - so I thought perhaps there was a > way via Samba. I (mis)remember some Windoze ACL's might allow for this > type of special access control. > > If Quickbooks used a real SQL interface, then it wouldn't be a problem. > But...it doesn't. Sorry, I can;t help you there. Please speak with Quickbooks about your needs. That way you might help them to create a case to support other platforms. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions
John H Terpstra wrote: On Sunday 18 January 2009 18:38:25 Daniel L. Miller wrote: Is it possible to define file rights, such that - The file is owned by root, with full privleges on the Linux server. The file is shared by a group "users". The shared file should be available for read and write access. That part's easy - but now Deny delete, overwrite, or rename access to this file. Is this possible? -- Daniel Please explain how a user can have write access to a file but not overwrite access? The ability to write implies the ability to change the name as well as the contents of a file. Can you provide a clear description of what you really wish to achieve? - John T. Oh - you want me to tell you want I want to do, so you can tell me the right way how - instead of helping with the wrong way to do it? Geez... Ok, since you insist. I'm trying to accommodate Quickbooks (Enterprise Edition). Users need to be able to open the file for read & write access or Quickbooks complains. However, I don't want the clients to be able to destroy the file (outside of Quickbooks). So I need to allow read/write via Samba - but I want to protect the file as much as possible. I have the UNIX file owned by root (which the QB SQL server runs as). The UNIX group ownership is the windows users. Setting the UNIX group privileges to read only results in QB errors. So I don't see how to protect it just using UNIX privileges - so I thought perhaps there was a way via Samba. I (mis)remember some Windoze ACL's might allow for this type of special access control. If Quickbooks used a real SQL interface, then it wouldn't be a problem. But...it doesn't. -- Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions
On Sunday 18 January 2009 18:38:25 Daniel L. Miller wrote: > Is it possible to define file rights, such that - > > The file is owned by root, with full privleges on the Linux server. > The file is shared by a group "users". > The shared file should be available for read and write access. > > That part's easy - but now > > Deny delete, overwrite, or rename access to this file. Is this possible? > -- > Daniel Please explain how a user can have write access to a file but not overwrite access? The ability to write implies the ability to change the name as well as the contents of a file. Can you provide a clear description of what you really wish to achieve? - John T. -- John H Terpstra "Don't do as I do; Show me better!" "If at first you don't succeed, don't go sky-diving!" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions
On Sun, Jan 18, 2009 at 7:38 PM, Daniel L. Miller wrote: > Is it possible to define file rights, such that - > > The file is owned by root, with full privleges on the Linux server. > The file is shared by a group "users". > The shared file should be available for read and write access. > > That part's easy - but now > > Deny delete, overwrite, or rename access to this file. Is this possible? > -- Deny write access on the folder. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File permissions
Is it possible to define file rights, such that - The file is owned by root, with full privleges on the Linux server. The file is shared by a group "users". The shared file should be available for read and write access. That part's easy - but now Deny delete, overwrite, or rename access to this file. Is this possible? -- Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions
please, if posible, post the output of the following two commands: #getfacl name_of_folder_where_file_is_in and # getfacl name_of_file_that_you_want_delete_and_alter Regards, - iarly Selbir ( Ski0s ) On Wed, Dec 3, 2008 at 2:56 PM, <[EMAIL PROTECTED]> wrote: > 755 root.matt > > I changed that to 755 root.root and changed the file permissions to 770 > bek.trusted (matt is part of the 'trusted' group). Now I can open the > file, but can't delete it.. I expected to be able to open it and delete > it.. > > > > > "John Drescher" <[EMAIL PROTECTED]> > 12/03/2008 11:49 AM > > To > [EMAIL PROTECTED] > cc > samba@lists.samba.org > Subject > Re: [Samba] File permissions > > > > > > > On Wed, Dec 3, 2008 at 12:42 PM, <[EMAIL PROTECTED]> wrote: > > Greetings, > > > > I'm running into a file permission issue. > > > > I have a share called "data" configured simply as: > > > > [data] > > read only = no > > path = /mnt/data > > > > For test purposes, I have a file called "t.jpg". > > > > -rwx-- 1 bek bek63793 2008-12-03 11:17 t.jpg > > > > I'm logged in as "matt" on my local computer. If I try to open this > file, > > I can't (which is what I expected). However, I can delete this file.. > > why? > > > > What are the permissions of the folder that this file is in? > > John > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions
On Wed, Dec 3, 2008 at 12:56 PM, <[EMAIL PROTECTED]> wrote: > > 755 root.matt > > I changed that to 755 root.root and changed the file permissions to 770 > bek.trusted (matt is part of the 'trusted' group). Now I can open the file, > but can't delete it.. I expected to be able to open it and delete it.. > Must have write permissions on the folder to delete. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions
On Wed, Dec 03, 2008 at 11:56:26AM -0600, [EMAIL PROTECTED] wrote: > 755 root.matt > > I changed that to 755 root.root and changed the file permissions to 770 > bek.trusted (matt is part of the 'trusted' group). Now I can open the > file, but can't delete it.. I expected to be able to open it and delete > it.. Permission to delete a file in POSIX is an attribute of the containing directory (that's what you're modifying) not the file itself. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions
On Wed, Dec 3, 2008 at 1:06 PM, <[EMAIL PROTECTED]> wrote: > > So then explicit file permissions mean nothing? After changing the parent > directory to 770 and root.trusted, I was able to delete the file regardless > of what the actual file permissions are.. > See here about *nix file permissions: http://www.elated.com/articles/understanding-permissions/ John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions
So then explicit file permissions mean nothing? After changing the parent directory to 770 and root.trusted, I was able to delete the file regardless of what the actual file permissions are.. "John Drescher" <[EMAIL PROTECTED]> 12/03/2008 12:00 PM To [EMAIL PROTECTED] cc samba@lists.samba.org Subject Re: [Samba] File permissions On Wed, Dec 3, 2008 at 12:56 PM, <[EMAIL PROTECTED]> wrote: > > 755 root.matt > > I changed that to 755 root.root and changed the file permissions to 770 > bek.trusted (matt is part of the 'trusted' group). Now I can open the file, > but can't delete it.. I expected to be able to open it and delete it.. > Must have write permissions on the folder to delete. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions
There are Acls Posix on the file or folder that the file is in? Regards, - iarly Selbir ( Ski0s ) On Wed, Dec 3, 2008 at 2:49 PM, John Drescher <[EMAIL PROTECTED]> wrote: > On Wed, Dec 3, 2008 at 12:42 PM, <[EMAIL PROTECTED]> wrote: > > Greetings, > > > > I'm running into a file permission issue. > > > > I have a share called "data" configured simply as: > > > > [data] > > read only = no > > path = /mnt/data > > > > For test purposes, I have a file called "t.jpg". > > > > -rwx-- 1 bek bek63793 2008-12-03 11:17 t.jpg > > > > I'm logged in as "matt" on my local computer. If I try to open this > file, > > I can't (which is what I expected). However, I can delete this file.. > > why? > > > > What are the permissions of the folder that this file is in? > > John > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions
755 root.matt I changed that to 755 root.root and changed the file permissions to 770 bek.trusted (matt is part of the 'trusted' group). Now I can open the file, but can't delete it.. I expected to be able to open it and delete it.. "John Drescher" <[EMAIL PROTECTED]> 12/03/2008 11:49 AM To [EMAIL PROTECTED] cc samba@lists.samba.org Subject Re: [Samba] File permissions On Wed, Dec 3, 2008 at 12:42 PM, <[EMAIL PROTECTED]> wrote: > Greetings, > > I'm running into a file permission issue. > > I have a share called "data" configured simply as: > > [data] > read only = no > path = /mnt/data > > For test purposes, I have a file called "t.jpg". > > -rwx-- 1 bek bek63793 2008-12-03 11:17 t.jpg > > I'm logged in as "matt" on my local computer. If I try to open this file, > I can't (which is what I expected). However, I can delete this file.. > why? > What are the permissions of the folder that this file is in? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions
On Wed, Dec 3, 2008 at 12:42 PM, <[EMAIL PROTECTED]> wrote: > Greetings, > > I'm running into a file permission issue. > > I have a share called "data" configured simply as: > > [data] > read only = no > path = /mnt/data > > For test purposes, I have a file called "t.jpg". > > -rwx-- 1 bek bek63793 2008-12-03 11:17 t.jpg > > I'm logged in as "matt" on my local computer. If I try to open this file, > I can't (which is what I expected). However, I can delete this file.. > why? > What are the permissions of the folder that this file is in? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File permissions
Greetings, I'm running into a file permission issue. I have a share called "data" configured simply as: [data] read only = no path = /mnt/data For test purposes, I have a file called "t.jpg". -rwx-- 1 bek bek63793 2008-12-03 11:17 t.jpg I'm logged in as "matt" on my local computer. If I try to open this file, I can't (which is what I expected). However, I can delete this file.. why? Based on everything I've read, the file system permissions take precedence over Samba permissions. So, my understanding is that even if "write list = matt", but the file is owned by 'bek', with permissions of 700, I would still be unable to modify/delete/read/whatever that file. Am I wrong? Any help is appreciated. Thanks! - Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions and Unix umask.
Yes Jeremy, it seems that I can make the CIFS client violate the "forced" settings on the Samba server. Specific example: /* As root, issue the following mount command from client. */ mount.cifs //10.0.1.5/common /mnt/smb -o rw,uid=500,user=abdv29,password=*** /* Switch user to "abdv29" */ su - abdv29 /* Change directory to where the CIFS filesystem is mounted. */ cd /mnt/smb /* Set umask */ umask 0022 /* Create a couple of files using "touch" and "echo". */ touch f1 echo "xx" >f2 /* On a local EXT3 filesystem, I would expect the two files created above to each have the following symbolic permission: "rw-r--r--" and this is indeed so. On the CIFS mount, I would expect the "force create mode" to override the umask in both cases, giving symbolic permission of: "rw-rw-r--" This is so only for the file named "f2" created with "/bin/echo". The file created with "/bin/touch" has symbolic permissions of: "rw-r--r--" indicating that the client has violated the Server "force" settings. */ I have verified this happens with the following Samba versions: 1) Samba server version 3.0.28 running on RHEL-5 Samba client version 3.2.3 running on Fedora 9. "mount.cifs -V" does not show version number, just display usage message. 2) Samba server version 3.2.3 running on Fedora 9. Samba client version 3.0.28 running on RHEL-5. "mount.cifs -V" show version 1.0 Let me know if you need more information. Gerry. On Wed, 2008-10-08 at 17:24 -0700, Jeremy Allison wrote: > On Thu, Oct 09, 2008 at 11:18:49AM +1100, Gerry Marthe wrote: > > Hi Jeremy, > > > > Thanks - that does make sense. > > Can you tell me then why "/bin/touch" appears immune to the Samba > > settings? > > If you can make the CIFS client violate the > "forced" settings on the Samba server that's > a server bug and I'll fix it. > > Can you give me a specific example of this > happening (with Samba and CIFSFS version numbers > please) ? > > Jeremy. > > > > > This message has been scanned for viruses and dangerous content > by MailScanner and is believed to be clean. > This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions and Unix umask.
On Thu, Oct 09, 2008 at 11:18:49AM +1100, Gerry Marthe wrote: > Hi Jeremy, > > Thanks - that does make sense. > Can you tell me then why "/bin/touch" appears immune to the Samba > settings? If you can make the CIFS client violate the "forced" settings on the Samba server that's a server bug and I'll fix it. Can you give me a specific example of this happening (with Samba and CIFSFS version numbers please) ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions and Unix umask.
Hi Jeremy, Thanks - that does make sense. Can you tell me then why "/bin/touch" appears immune to the Samba settings? Gerry. On Wed, 2008-10-08 at 11:48 -0700, Jeremy Allison wrote: > On Thu, Oct 09, 2008 at 12:58:41AM +1100, Gerry Marthe wrote: > > > > The relevant section from smb.conf on the samba server is: > > > > [common] > > comment = Common Area > > path = /common > > read only = no > > valid users = @users > > create mask = 0660 > > force create mode = 0660 > > force directory mode = 775 > > write list = @users > > force group = users > > directory mask = 0775 > > > > The share is mounted on a Linux system with the following command: > > > > mount.cifs //localhost/common /mnt/smb -o > > rw,uid=600,gid=504,user=abdv29,password=*** > > > > >From what I have understood of the samba documentation, the various file > > creation masks specified > > by Samba do not override a client umask. > > You understood wrong. The server setting override all client > requests. That's why they're *force* create mode. > > Jeremy. > > > > > This message has been scanned for viruses and dangerous content > by MailScanner and is believed to be clean. > This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File permissions and Unix umask.
On Thu, Oct 09, 2008 at 12:58:41AM +1100, Gerry Marthe wrote: > > The relevant section from smb.conf on the samba server is: > > [common] > comment = Common Area > path = /common > read only = no > valid users = @users > create mask = 0660 > force create mode = 0660 > force directory mode = 775 > write list = @users > force group = users > directory mask = 0775 > > The share is mounted on a Linux system with the following command: > > mount.cifs //localhost/common /mnt/smb -o > rw,uid=600,gid=504,user=abdv29,password=*** > > >From what I have understood of the samba documentation, the various file > creation masks specified > by Samba do not override a client umask. You understood wrong. The server setting override all client requests. That's why they're *force* create mode. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File permissions and Unix umask.
Hi, I have a question about file permissions and how they are affected by a client's umask. To illustrate my question, I issued the following commands first on a local ext3 file system and then on a cifs file system: $ umask 0002 $ touch f1 $ echo xx > f2 $ umask 0022 $ touch f3 $ echo xx > f4 $ ls -l On Ext3, the output is: -rw-rw-r-- 1 abdv29 users 0 Oct 9 00:31 f1 -rw-rw-r-- 1 abdv29 users 3 Oct 9 00:31 f2 -rw-r--r-- 1 abdv29 users 0 Oct 9 00:31 f3 -rw-r--r-- 1 abdv29 users 3 Oct 9 00:31 f4 On a CIFS mount the output is: -rw-rw-r-- 1 abdv29 users 0 Oct 9 00:35 f1 -rw-rw-r-- 1 abdv29 users 3 Oct 9 00:35 f2 -rw-r--r-- 1 abdv29 users 0 Oct 9 00:35 f3 -rw-rw-r-- 1 abdv29 users 3 Oct 9 00:35 f4 The relevant section from smb.conf on the samba server is: [common] comment = Common Area path = /common read only = no valid users = @users create mask = 0660 force create mode = 0660 force directory mode = 775 write list = @users force group = users directory mask = 0775 The share is mounted on a Linux system with the following command: mount.cifs //localhost/common /mnt/smb -o rw,uid=600,gid=504,user=abdv29,password=*** >From what I have understood of the samba documentation, the various file creation masks specified by Samba do not override a client umask. If that is so, I would expect that the permissions for file "f4" on the cifs mount should be 644 (rw-r--r--) rather than 664 which it is. Can someone please explain why on the CIFS mount, with a umask of 0022, files created with "touch" and "echo" end up with different group permissions? (Noting of course that on a non CIFS file system, these commands produce files with identical permissions). The above seems inconsistent to me. My aim is to have a Samba share on which all files created will be group writable - I expect to have Windows users, Mac users and Linux users. I would rather not have to ask all the Mac and Linux users to change their umasks to 0002 ... or is this the only solution? I am using Samba version 3.2.3-0.20 on Fedora 9. Thanks in advance. Gerry. This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] file permissions?
Hi, I know there is a parameter to set all files coming to unix as something 0744. I have that set and it's working fine. Is there a way to map specific file groups, like *.pl, to 0755? Mike Fedora Core 5 samba 3.0.24 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File permissions issue: different behavior between samba and unix
I'm seeing behavior that I was hoping somebody could explain. I have a share set up that will be a repository for company-wide data. There are three classes of people who can access it, readers, read/writers, and admins. Readers and read/writers are self explanatory, admins have read/write access, and can change the permissions/ownership of files. Read and write access is controlled by ACLs on the filesystem (see below), admin access is controlled by smb.conf. Read and admin access works as expected. Reader/Writer access is behaving unexpectedly. A writer can create a file in the share, the ownerships, permissions, and ACLs are inherited as I expect them to be. Now it gets strange. Once I've created a file, I can't rename it and get the error permission denied. I can write to the file itself, but not change its name or delete it. Yes I'm aware that rename/delete permission is a function of the parent directory perms, not the file perms. As I understand, file creation requires exactly the same permissions (rwx) as rename and delete. Hence the unexpectedness of this. Now it gets *REALLY* strange: I can create, rename, and remove directories without difficulty. I don't get errors either renaming or deleting them. One last bit of strangeness: If I change the group ownership of the directory to the writer's group, the unexpected behavior goes away. This seems to suggest to me that something strange is happening with the ACLs in samba in the case of file rename or delete. Samba version is 3.0.24, the issue is reproducible on Solaris and CentOS. I hesitate to call this a bug, because there could be a reason for this, but this behavior is not consistent with how this works under unix at the shell. I duplicated the reader/writer permissions and acls with a non-domain user and group, and observed the behavior I expected, namely that I could rename and remove the file I had created. If you want logs or further information, I can send them to you. Thanks, ~Eric Here are the perms and acls I've set up on the directory. Note that the setgid bit is set so that files created in the diretory inherit root group ownership: bash-3.00# ls -ld afiles drwxrws---+ 2 root root 512 Nov 1 10:21 afiles bash-3.00# getfacl afiles # file: afiles # owner: root # group: root user::rwx user:afile:rwx #effective:rwx group::rwx #effective:rwx group:afile:rwx #effective:rwx group:W2K3TEST+areaders:r-x #effective:r-x group:W2K3TEST+awriters:rwx #effective:rwx group:W2K3TEST+admins:rwx #effective:rwx mask:rwx other:--- default:user::rwx default:group::rwx default:group:W2K3TEST+areaders:r-x default:group:W2K3TEST+awriters:rwx default:group:W2K3TEST+admins:rwx default:mask:rwx default:other:--- bash-3.00# Here is the share definition as spat back out from testparm [afiles] path = /honda/afiles admin users = W2K3TEST+bobadmin, @W2K3TEST+admins read only = No inherit permissions = Yes inherit acls = Yes inherit owner = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] file permissions with inherit permission + ACL's
"drwxrws---+ 2 ralfgro ve6 2007-04-18 17:28 testdir" 2770 [drwxrws--] permissions will force inherit at the file level system, ignoring Samba. Set the directory to 0770 permissions, and new items would be created with 660 as per smb.conf Other thing is to insure that the main group for the user is the same for all users. Carlos -Original Message- From: Ralf Gross Sent: Wednesday, April 18, 2007 11:45 AM default:other::--- I created a new directory and a new file in this share. drwxrws---+ 2 ralfgro ve6 2007-04-18 17:28 testdir -rwxrwx---+ 1 ralfgro ve0 2007-04-18 17:28 testfile.txt # file: testdir # owner: ralfgro # group: ve user::rwx group::--- group:testgroup1:rwx group:testgroup2:rwx mask::rwx other::--- default:user::rwx default:group::--- default:group:testgroup1:rwx default:group:testgroup2:rwx default:mask::rwx default:other::--- The permissions of this new directory are fine. But new files should be created with 660 permissions, not 770. # file: testfile.txt # owner: ralfgro # group: ve user::rwx group::--- group:testgroup1:rwx group:testgroup2:rwx mask::rwx other::--- This is the relevant part of smb.conf: [testshare] force create mode = 0660 create mask = 0660 force directory mode = 2770 directory security mask = 2770 force directory security mode = directory mask = 2770 force security mode = security mask = 0770 inherit acls = yes inherit permissions = yes map archive = no map system = no ... Some of the options might be needless now, but I needed them as I used 'force group = ...' instead of 'inherit permissions'. I already played with the default mask ACL, but then I always ended with no executable bit on files _and_ directories which denies access to the new created directories... Any ideas? Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions with inherit permission + ACL's
Carlos Rivera-Jones schrieb: > > "drwxrws---+ 2 ralfgro ve6 2007-04-18 17:28 testdir" > > 2770 [drwxrws--] permissions will force inherit at the file level > system, ignoring Samba. Set the directory to 0770 permissions, and new > items would be created with 660 as per smb.conf I removed the gid bit, but this doesn't change the permissions of new files. They are still 770. ls -la testshare insgesamt 8 drwxrwx---+ 2 ralfgro ve 25 2007-04-18 17:57 . drwxr-xr-x 5 rootroot63 2007-04-18 17:55 .. -rwxrwx---+ 1 ralfgro ralfgro 0 2007-04-18 17:56 testfile.txt > Other thing is to insure that the main group for the user is the same > for all users. Hm, the users that access this share are member of many groups and the main group will not always be the one of this share. But I think this will be handled by the default ACL's. Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] file permissions with inherit permission + ACL's
Hi, I have a share (testshare) where different unix groups (testgroup1, testgroup2) should have access to. But I want that new files are only created with 660 permissions. Here are the ACL's of testshare: # file: testshare # owner: ralfgro # group: ve user::rwx group::rwx group:testgroup1:rwx group:testgroup2:rwx mask::rwx other::--- default:user::rwx default:group::--- default:group:testgroup1:rwx default:group:testgroup2:rwx default:mask::rwx default:other::--- I created a new directory and a new file in this share. drwxrws---+ 2 ralfgro ve6 2007-04-18 17:28 testdir -rwxrwx---+ 1 ralfgro ve0 2007-04-18 17:28 testfile.txt # file: testdir # owner: ralfgro # group: ve user::rwx group::--- group:testgroup1:rwx group:testgroup2:rwx mask::rwx other::--- default:user::rwx default:group::--- default:group:testgroup1:rwx default:group:testgroup2:rwx default:mask::rwx default:other::--- The permissions of this new directory are fine. But new files should be created with 660 permissions, not 770. # file: testfile.txt # owner: ralfgro # group: ve user::rwx group::--- group:testgroup1:rwx group:testgroup2:rwx mask::rwx other::--- This is the relevant part of smb.conf: [testshare] force create mode = 0660 create mask = 0660 force directory mode = 2770 directory security mask = 2770 force directory security mode = directory mask = 2770 force security mode = security mask = 0770 inherit acls = yes inherit permissions = yes map archive = no map system = no ... Some of the options might be needless now, but I needed them as I used 'force group = ...' instead of 'inherit permissions'. I already played with the default mask ACL, but then I always ended with no executable bit on files _and_ directories which denies access to the new created directories... Any ideas? Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] file permissions change to readonly
Hi I have installed samba-3.0.11-5.of.2 on RHEL-3.windows 2003 is being used for authentication (security=ADS). i have a share 'test' and have given rwx permission to parent group and one other group.SGID bit is set on this share. when someone from either group create a Microsoft Excel file in this share it is writable but after someone else write to this file, read only bit gets set on this file and no one can write to this file.it shows Sharing violation error. it does not happens on normal text files. please provide some hint. Regards Ashish -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] file permissions
hi all. apologies for the double post, i omitted the subject line (doh!) i've installed samba with samba-vscan. the only way i can get this combination to work is to set permissions on the folder to be at least drwx---r-- (or in other words, the windows owner has full permissions, groups have none, other has read - this lets vscan work). i also need to serve webpages from within these folders as the apache user, so this permission suits that too- however, i'm curious as to what the 'other' group refers to in a samba context. can anyone explain to me if i've made a security risk in doing this? ie. will any windows users other than the owner be able to look in this folder? if it simply refers to local nix users being able to read then i'm not concerned about that as there aren't any! tia john ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] File Permissions
Hi, You must use ACL's. Your Kernel+FileSystem must suport it and samba must have been compiled with acl support. But just one personnal remark, the path you're trying to walk (many different permissions at different directory levels) is a dangerous one. Trust me. I've been there, done that, and fortunely fled away from it. Best Regards, Bruno Guerreiro > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > On Behalf Of Dracula > Sent: terça-feira, 11 de Abril de 2006 13:21 > To: Samba > Subject: [Samba] File Permissions > > Hello > > I trying to grasp the file permissions on Linux. I have > Samba installed and functioning properly... > > I think I understand perimission in this environment with one > exception: > I need to add more than one group to a file/folder. With > Windows..the security tab would allow any number of Groups > and each group could have different permissions. (As well > with files and subdirectories). With Linux Im not "seeing" > this ability to add multiple groups to a file/folder. Is > this a limitation to the Linux environment? We have several > situations where we allow a user to "List Content" but down > into the folder structure allow the user to Read some folders > and others Read/Write. > > Thanks > > Regards, > > Komal > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File Permissions
Hello I trying to grasp the file permissions on Linux. I have Samba installed and functioning properly... I think I understand perimission in this environment with one exception: I need to add more than one group to a file/folder. With Windows..the security tab would allow any number of Groups and each group could have different permissions. (As well with files and subdirectories). With Linux Im not "seeing" this ability to add multiple groups to a file/folder. Is this a limitation to the Linux environment? We have several situations where we allow a user to "List Content" but down into the folder structure allow the user to Read some folders and others Read/Write. Thanks Regards, Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File permissions problem - Visible Analyst
Barry Hitchcock B'Hitch Consulting 14 Sample Rd Albany Auckland 0274 988-755 (09) 448-1930 [EMAIL PROTECTED] - - - - - New & Used Computers - Printers & Supplies Repairs - Networking - Internet - ADSL Site Management and Audits -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions with samba shares
At 09:05 AM 10/19/2005, Josh Kelley wrote: On 10/19/05, Jack Malone <[EMAIL PROTECTED]> wrote: > I am wondering if there is a way I can setup permission on > directories in the directory that I have setup for samba shares so > that no one can move or delete them. The problem I am having of late > is that someone from within windows will move the directories around Denying write permission to the parent directory should prevent someone from deleting or moving child directories. If I do this will that make it where they can not put files into that directory or not. I'm thinking this is happening with drag an drop of files from someone that does not know what they are doing or even doing it. If that won't work, you might instead try using the audit or extd_audit vfs module to log directory moves and deletions. Then you could at least get after the responsible party. How is this setup, guess I need to see if I find it in the samba docs. thanks for the reply / info jack -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions with samba shares
On 10/19/05, Jack Malone <[EMAIL PROTECTED]> wrote: > I am wondering if there is a way I can setup permission on > directories in the directory that I have setup for samba shares so > that no one can move or delete them. The problem I am having of late > is that someone from within windows will move the directories around Denying write permission to the parent directory should prevent someone from deleting or moving child directories. If that won't work, you might instead try using the audit or extd_audit vfs module to log directory moves and deletions. Then you could at least get after the responsible party. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] file permissions with samba shares
I am wondering if there is a way I can setup permission on directories in the directory that I have setup for samba shares so that no one can move or delete them. The problem I am having of late is that someone from within windows will move the directories around . I think they do it not knowing they are doing it. Its happened several times of late now. I have always found the missing directory nested into another directory in the samba shares. thanks for any info. I am running just in workgroup setup with samba here no domain in the picture. Running suse linux 9.3 as the os on the server. jack malone -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File permissions changing
Hi all, This doesn't happen with UNIX so I am at a loss. I've got a directory where the directory mode is 770. All the files within it were manually set to 660 permissions and the create mode on the share is 660. However, when a user opens a file, changes it, and saves it, they become the owner (ok) and the mode becomes 640! Hence, the next person comes to me and says "That file is read-only again!" What is going on here? I can understand the permissions reverting while someone is IN the file, but shouldn't they go back when they close it? Samba 3.0.9, Linux 2.6.5. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] file permissions head-ache on Samba V3.0.4
Hi Paul, You probably want to ensure you have EXT3 ACL support on your server, if it isn't already.. not sure if Redhate Enterprise supports this out of the box. I've found that editing permissions from a Windows NT 4.0 box leads to acls being set incorrectly on Samba - use win2k or higher. You probably also want to chown the directories to root, as once the users specified in the 'admin users' directive in smb.conf authenticate to the server they will be mapped in as root (you can see this when you ps aux |grep smbd). I've found the best way to start permissions wise is with owner root:root and permissions 0777 on the directory, and from the ACL editor in Windows restrict permissions that way. Hope this helps Tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of PaulD Sent: Thursday, 26 August 2004 11:06 p.m. To: [EMAIL PROTECTED] Subject: [Samba] file permissions head-ache on Samba V3.0.4 Hi, I hope that this is a quick answer, as it's probably been answered many times before and I'm just missing a very minor setting in my config. I have just setup a samba server(ver 3.0.4) on a Redhat Enterprise Linux Box ES3. The box has been setup as a member of a Windows NT4 domain, it's to be used as a fileserver for users on the NT domain. I have configured samba to use domain security, and have winbind working correctly (I think!!) - I can get the domain users and groups to show from a 'wbinfo -u or wbinfo -g. I have been trying (unsucessfully) to configure the /home directory so that the domain admins here can manage the subfolders and the permissions, from the server administrator or management console on their NT / 2000 workstations. I have used the following commands on the /home volume so that the domain admins/users can have access to the volume: chown DOMAIN+Administrator /home chgrp "DOMAIN+Domain Users" /home (both commands threw back no errors) I'm guessing that the problem may down to the smb.conf file but I'm not sure what I'm missing.. would be grateful if someone could assist. TIA Yahoo! Messenger - Communicate instantly..."Ping" your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] file permissions head-ache on Samba V3.0.4
Hi, I hope that this is a quick answer, as it's probably been answered many times before and I'm just missing a very minor setting in my config. I have just setup a samba server(ver 3.0.4) on a Redhat Enterprise Linux Box ES3. The box has been setup as a member of a Windows NT4 domain, it's to be used as a fileserver for users on the NT domain. I have configured samba to use domain security, and have winbind working correctly (I think!!) - I can get the domain users and groups to show from a 'wbinfo -u or wbinfo -g. I have been trying (unsucessfully) to configure the /home directory so that the domain admins here can manage the subfolders and the permissions, from the server administrator or management console on their NT / 2000 workstations. I have used the following commands on the /home volume so that the domain admins/users can have access to the volume: chown DOMAIN+Administrator /home chgrp "DOMAIN+Domain Users" /home (both commands threw back no errors) I'm guessing that the problem may down to the smb.conf file but I'm not sure what I'm missing.. would be grateful if someone could assist. TIA Yahoo! Messenger - Communicate instantly..."Ping" your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File-Permissions
Hi List, i´ve a interesting problem on a samba share: [data] comment = Datas for al users path = /space/data read only = no browse able = yes create mask = 0777 force crate mask = 0777 whe i logon my samba-domain with any windows-client and create in that share a file then the user-permisions are set to : rwx rw- rw- and only the owner of the file can edit it. everyotherone just can read it. the same is when on that share a folder will be createtd with a file in it. but when i add following to lines to the share definition: directory mask = 0777 force group = users then all users can edit the file i thought that the directory mask option is only for new folders (created by loggedin users) do i something wrong with my permissions? i´ve tested it on my own selfcompiled samba 3.0.0 and the shipped version from SuSE 9.0 (2.??) and its the same behavior. regards Arno Seidel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] MS Word and Samba File Permissions Problem: probablysolved
> > > + Groupmapping: > > > - Domain Admins -> root > > > - Domain Users -> domuser > > > - Domain Guests -> nogroup > > For the "add group script" I use what is given as an example in the Samba > HowTo: > http://de.samba.org/samba/docs/man/groupmapping.html#smbgrpadd.sh > > The "add user script" is just the normal "useradd"-comand: > - /usr/sbin/useradd -d /home/"%u" -c "DomainUser" -s /bin/false "%u" > > That only worked correctly when I omitted the "-g whateverPrimaryGroup" . > > Apparently Samba adds the user to the group later: > - set primary group script = /usr/sbin/usermod -g "%g" "%u" > > Giving passwords to users only worked after I adapted the "passwd > chat" to the Debian passwd program: passwd chat = "*new*password*" %n\\n "*new*password*" %n\\n "*updated*" > > New compis are added to the group "nogroup" in my config: > - add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false -c > "DomainMachines" -g nogroup "%u" > > And (nearly) finally all that only worked after I did set the > rights right: > Groupmapping: see above > smb.conf: see above and " valid users = +root, +domuser, +nogroup" Hi Alexander, With this set up of yours, when you add users, do you have to manually add the home directories & profile directories in usrmgr, or does that work automatically? And what backend are you using? I am using tbdsam. I have had limited success - either I have to add them myself, or they automatically appear as "\\basilisk\%u" and "\\basilisk\profiles\%u" i.e. the %L is expanded correctly to the machine name, but the %u is not expanded correctly - and a %u directory apprears in \\basilisk\profiles! Maybe one of the samba team can tell me what the expected behaviour should be (with tbdsam/usrmgr). To recall I am using samba 3.0.0final, compiled from the debian testing source, with-quotas. Would the expected behaviour change if one was to use pam password change = yes, instead of passwd program = /usr/bin/passwd %u. Cheers Chris -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] MS Word and Samba File Permissions Problem
sorry, misdirected it and klicked too early on "send".. :-( -- Weitergeleitete Nachricht -- Subject: Re: [Samba] MS Word and Samba File Permissions Problem Date: Dienstag, 27. Januar 2004 17:16 From: Alexander Goeres <[EMAIL PROTECTED]> To: "Collen Blijenberg (MLHJ)" <[EMAIL PROTECTED]> Hi Collen, Am Dienstag, 27. Januar 2004 15:25 schrieb Collen Blijenberg (MLHJ): > Had the same prob with 3.0.0 version, but it's gone with 302rc1 > > creator group & creator owner are the prob.. > some how the 300 version added an extra group to my shares (creator group) > and made it r+x causing the prob. > just update to latest samba, or make an extra creator group mapping.. > > dunno.. prob passsed... > > l8r > Collen thanks for the hint, but I for myself don't dare to use a release candidate. But I'll see forward to a final verion of 3.0.2.. Greetings Alexander --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood & Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] MS Word and Samba File Permissions Problem: probably solved
Hi Chris! Am Dienstag, 27. Januar 2004 14:59 schrieb Chris Aitken: > > +Samba 3.0.1 on Debian 3.0 > > > > + Groupmapping: > > - Domain Admins -> root > > - Domain Users -> domuser > > - Domain Guests -> nogroup > > > > + smb.conf: > > [global] > > ... > > admin users = +root > > write list = +root +domuser > > create mask = 0775 > > directory mask = 0775 > > ... > > [share] > > force create mode = 0660 > > force directory mode = 0770 > > force group = domuser > > > > Client-side: MS Office 2000 on w2k > > ### > > All the files/directories on this share belong to the group "domuser". ... > I had this problem at work (Debian 2.2.3a). > > My shares now look like this: > > [Share] >comment = description >path = /home/projects >browseable = yes >read only = no >force create mode = 0060 >force directory mode = 0070 >create mask = 0770 >directory mask = 0770 > > mode is drwxrwx--- owned by root.staff I'll test that configuration next time when I'm allowed to stop the relevant bureau-net. But I found a different solution: setting "oplock = Yes" on the share worked. It looked as if my samba installation couldn't handle this "opportunistic locking" thing the w2k clients required (even though "man smb.conf" said it was turned on by default). I had to enable it on the share. Now the M$ Word problem is gone. I found some hints about that problem (via the Samba HowTo) in the MS knowledge-base: About XP Problems and oplocking: http://support.microsoft.com/default.aspx?scid=kb;EN-US;812937 About "opportunistic locking" in general: http://support.microsoft.com/default.aspx?scid=kb;EN-US;296264 First time that an MS help was of some use.. > As a return favour - have you got add user script/add group script etc > working properly yet? Could you share your scripts with me pls - as I have > issues with this in 3.0.0fianl. > > Regards, > > Chris For the "add group script" I use what is given as an example in the Samba HowTo: http://de.samba.org/samba/docs/man/groupmapping.html#smbgrpadd.sh The "add user script" is just the normal "useradd"-comand: - /usr/sbin/useradd -d /home/"%u" -c "DomainUser" -s /bin/false "%u" That only worked correctly when I omitted the "-g whateverPrimaryGroup" . Apparently Samba adds the user to the group later: - set primary group script = /usr/sbin/usermod -g "%g" "%u" Giving passwords to users only worked after I adapted the "passwd chat" to the Debian passwd program: - passwd chat = "*new*password*" %n\\n "*new*password*" %n\\n "*updated*" New compis are added to the group "nogroup" in my config: - add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false -c "DomainMachines" -g nogroup "%u" And (nearly) finally all that only worked after I did set the rights right: Groupmapping: see above smb.conf: see above and " valid users = +root, +domuser, +nogroup" Really finally: That's with Debian 3.0 and the Debian Samba package 3.0.1-2 Don't know if that helps, but I hope regards Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood & Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] MS Word and Samba File Permissions Problem
> Hello everybody! > > Obviously Samba as a PDC and Fileserver for w2k clients is not as > easy as I > first thought. > > Soon after setup and integration in a network a problem with the > shares and MS > Word appeared. > > Any time a file is opened with M$ Word directly from a share and > edited it > can't be saved. The M$ user gets the msg that the file is > write-protected and > on the samba side the file permissions are changed to r-xr-xr-x > even if they > have been 770 before. > > Here some of my configs: > ### > +Samba 3.0.1 on Debian 3.0 > > + Groupmapping: > - Domain Admins -> root > - Domain Users -> domuser > - Domain Guests -> nogroup > > + smb.conf: > [global] > ... > admin users = +root > write list = +root +domuser > create mask = 0775 > directory mask = 0775 > ... > [share] > force create mode = 0660 > force directory mode = 0770 > force group = domuser > > Client-side: MS Office 2000 on w2k > ### > All the files/directories on this share belong to the group "domuser". > > I found a hint in the Samba HowTo collection: > http://de.samba.org/samba/docs/man/AccessControls.html#id2920312 > According to that I set the sgid bit on all the directories > (rwxrws---) and > did set the "force create/directory mode" but that doesn't help. > > If anyone came across a similar problem or even a solution, > please help me. A > samba fileserver. that scrambles write-rights in conjunction with > M$ Word is > pretty useless .. Hi Alexander I had this problem at work (Debian 2.2.3a). My shares now look like this: [Share] comment = description path = /home/projects browseable = yes read only = no force create mode = 0060 force directory mode = 0070 create mask = 0770 directory mask = 0770 mode is drwxrwx--- owned by root.staff All users in company are in group staff. No sticky bit set (although we are running a similar share for out R & D dept with the mode drwxrwx--T Everything runs happily now. All files are owned by the creator & group staff. I also had an issue when i had set veto files (but I think that was because I had put veto files in the global section). As a return favour - have you got add user script/add group script etc working properly yet? Could you share your scripts with me pls - as I have issues with this in 3.0.0fianl. Regards, Chris -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] MS Word and Samba File Permissions Problem
Hello everybody! Obviously Samba as a PDC and Fileserver for w2k clients is not as easy as I first thought. Soon after setup and integration in a network a problem with the shares and MS Word appeared. Any time a file is opened with M$ Word directly from a share and edited it can't be saved. The M$ user gets the msg that the file is write-protected and on the samba side the file permissions are changed to r-xr-xr-x even if they have been 770 before. Here some of my configs: ### +Samba 3.0.1 on Debian 3.0 + Groupmapping: - Domain Admins -> root - Domain Users -> domuser - Domain Guests -> nogroup + smb.conf: [global] ... admin users = +root write list = +root +domuser create mask = 0775 directory mask = 0775 ... [share] force create mode = 0660 force directory mode = 0770 force group = domuser Client-side: MS Office 2000 on w2k ### All the files/directories on this share belong to the group "domuser". I found a hint in the Samba HowTo collection: http://de.samba.org/samba/docs/man/AccessControls.html#id2920312 According to that I set the sgid bit on all the directories (rwxrws---) and did set the "force create/directory mode" but that doesn't help. If anyone came across a similar problem or even a solution, please help me. A samba fileserver. that scrambles write-rights in conjunction with M$ Word is pretty useless .. Thanx in advance Alexander -- --- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 --- lieblinxNET we do software a Marwood & Thiele GbR --- reichenberger straße 125 10999 Berlin http://lieblinx.net --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File Permissions. Two unix groups having write access to the same share without 0777
I'm using samba 3.0.1pre3 as fileserver for my windows clients (xp and 98) My users are separated in many groups and some dirs should be writeable for 2 groups at once. Unix permissions does not allow to have 2 groups for a directory or file. I could put 777 in the directory and force umasks, but that really anoys me. So I did a little workaround to make it work and now I wonder if it is secure and if it will work as it should. I've put all my users in group 'samba' as their secondary unix group and set samba to "force group = samba" in the share configuration. Their primary group still one of those (marketing, salles, tech, etc) smb.conf share definition : [companyfiles] path = "/home/samba/shares/files" valid users = @samba force group = samba write list = user1 user2 @group1 @group2 read list = @group3 It seens to be working allright. All files are created using user.samba and mask 0664 and dir 0775. Now all permission control is been done by samba. Can I trust it? The only problem I could have is if an user could log into the unix and CD around, because unix permissions would permit him to see things that he shouldn't, right? What this looks like to you guys? Secure enogth ? I'll have no shell users in this machine. any comments, opnions and sugestions would be apreciated. thanks and sorry about the poor english. I hope I made myself clear. thiago lima. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions on home directories and admin user copying files to it
2003. november 13. 19.40 dátummal Christian Nabski ezt írta: > We want to copy files with the group in the admin list of the [homes] > share. The problem is that the copied files then are owned by root. > I know this is normal unix behavior. However we want the copied files to > be owned by the user of the homeshare. > > I read the samba howto section "Users Cannot Write to a Public Share". > Although I want to set the owner on the home shares and not on a public > share. > The mentioned section however does not seem to work on Redhat 7.3 nor RH > AS 3 ? > The group gets set correctly (gets changed to the group who owned the > directory) but the user stays the same. > I am wondering if this is a particular issue with the Redhat distribution > or something else ? > > For now I tried this "solution" : > > in [homes] : > root preexec = chown -R %S %P > > This works but I wonder if this is good solution ? > > > Christian I use "force user = %S" setting in [homes]. This way anyone copies into this share (who has write access of course :-) ) the owner of files will be the same user. -- attiko -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions on home directories and admin user copying files to it
So the only way to do this would be like in my initial mail ? in [homes] : root preexec = chown -R %S %P John H Terpstra <[EMAIL PROTECTED]> wrote on 14/11/2003 02:34:06: > > On Fri, 14 Nov 2003, Christian Nabski wrote: > > > Hi Aaron, > > > > Thanks for your answer. > > I already set the create mask for files and directories : > > for files 0600 --> user can only write and read > > for directories 0700 --> directories can be read and entered (executed) by > > the user > > > > This however only sets the rights and not the ownership. > > > > The problem arises when an admin (in the adminlist) copies files from > > another drive/share/... to the home share of a user via samba. > > These copied files have then as owner root. The effect of this (0600 and > > root ) is that the user can not read or write to this file. > > Correct. The same happens when root copies files under UNIX. If you copy > them as a normal user this does not happen. Root always overrides UNIX > security. > > - John T. > > > This is in fact a test server for a customer. > > What they actually want is the behavior of windows : > > the copied files inherit the rights of the directory where they are > > created. > > eg : homedir : 0700 owner : "the user" group "domain users" > > The admin copies or created a file example.txt in homedir. > > --> rights of example.txt : 0600 owner "the user" group "domain users" > > > > The group ownership is possible with chmod g+s homedir or chmod 2700 > > homedir. > > > > If I would set a create mask for files as 0660 and for directories 0770 > > the problem would be solved but I wanted the restrict the rights to the > > ones set. > > And I don't want to maintain private groups (ala redhat) for these users. > > > > I am just wondering how other people do this with admins which don't know > > anything about unix file permissions ? > > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions on home directories and admin user copying files to it
On Fri, 14 Nov 2003, Christian Nabski wrote: > Hi Aaron, > > Thanks for your answer. > I already set the create mask for files and directories : > for files 0600 --> user can only write and read > for directories 0700 --> directories can be read and entered (executed) by > the user > > This however only sets the rights and not the ownership. > > The problem arises when an admin (in the adminlist) copies files from > another drive/share/... to the home share of a user via samba. > These copied files have then as owner root. The effect of this (0600 and > root ) is that the user can not read or write to this file. Correct. The same happens when root copies files under UNIX. If you copy them as a normal user this does not happen. Root always overrides UNIX security. - John T. > This is in fact a test server for a customer. > What they actually want is the behavior of windows : > the copied files inherit the rights of the directory where they are > created. > eg : homedir : 0700 owner : "the user" group "domain users" > The admin copies or created a file example.txt in homedir. > --> rights of example.txt : 0600 owner "the user" group "domain users" > > The group ownership is possible with chmod g+s homedir or chmod 2700 > homedir. > > If I would set a create mask for files as 0660 and for directories 0770 > the problem would be solved but I wanted the restrict the rights to the > ones set. > And I don't want to maintain private groups (ala redhat) for these users. > > I am just wondering how other people do this with admins which don't know > anything about unix file permissions ? > > > Regards, > > Christian > > > > Aaron Collins <[EMAIL PROTECTED]> wrote on 13/11/2003 21:19:13: > > > > > You should have a look at the create mask option, it says what the > > default permissions should be on files that get created. This will > > override the default unix behavior. > > See also inherit permissions , directory mask, force create mode and > > force directory mode I think these are the options your looking for in > > your smb.conf > > > > -Aaron c > > > > On Thu, 2003-11-13 at 11:40, Christian Nabski wrote: > > > We want to copy files with the group in the admin list of the [homes] > > > share. The problem is that the copied files then are owned by root. > > > I know this is normal unix behavior. However we want the copied files > to > > > be owned by the user of the homeshare. > > > > > > I read the samba howto section "Users Cannot Write to a Public Share". > > > Although I want to set the owner on the home shares and not on a > public > > > share. > > > The mentioned section however does not seem to work on Redhat 7.3 nor > RH > > > AS 3 ? > > > The group gets set correctly (gets changed to the group who owned the > > > directory) but the user stays the same. > > > I am wondering if this is a particular issue with the Redhat > distribution > > > or something else ? > > > > > > For now I tried this "solution" : > > > > > > in [homes] : > > > root preexec = chown -R %S %P > > > > > > This works but I wonder if this is good solution ? > > > > > > > > > Christian > > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions on home directories and admin user copying files to it
I don't think you really can change that, because the default nature of Unix is who ever creates a file owns it, no matter what directory it's in(As long as they have write access to that dir). Samba just does a remote->local mapping that grant the remote user whatever access they are mapped to, but when they create the file, they still own it. If you use a rpc or ads setup, and configure nss and pam together with it, you can make so that from windows you could manage file ownership(To a limited extent, ufs is not ntfs). But as far as making any file that's in a directory owned by who ever owns that dir, the only way I could think of to do it is to write a cron script that checks the dir ownership and sets all files and sub dirs to those permissions every x amount of time. -Aaron On Thu, 2003-11-13 at 17:11, Christian Nabski wrote: > Hi Aaron, > > Thanks for your answer. > I already set the create mask for files and directories : > for files 0600 --> user can only write and read > for directories 0700 --> directories can be read and entered (executed) by > the user > > This however only sets the rights and not the ownership. > > The problem arises when an admin (in the adminlist) copies files from > another drive/share/... to the home share of a user via samba. > These copied files have then as owner root. The effect of this (0600 and > root ) is that the user can not read or write to this file. > > This is in fact a test server for a customer. > What they actually want is the behavior of windows : > the copied files inherit the rights of the directory where they are > created. > eg : homedir : 0700 owner : "the user" group "domain users" > The admin copies or created a file example.txt in homedir. > --> rights of example.txt : 0600 owner "the user" group "domain users" > > The group ownership is possible with chmod g+s homedir or chmod 2700 > homedir. > > If I would set a create mask for files as 0660 and for directories 0770 > the problem would be solved but I wanted the restrict the rights to the > ones set. > And I don't want to maintain private groups (ala redhat) for these users. > > I am just wondering how other people do this with admins which don't know > anything about unix file permissions ? > > > Regards, > > Christian > > > > Aaron Collins <[EMAIL PROTECTED]> wrote on 13/11/2003 21:19:13: > > > > > You should have a look at the create mask option, it says what the > > default permissions should be on files that get created. This will > > override the default unix behavior. > > See also inherit permissions , directory mask, force create mode and > > force directory mode I think these are the options your looking for in > > your smb.conf > > > > -Aaron c > > > > On Thu, 2003-11-13 at 11:40, Christian Nabski wrote: > > > We want to copy files with the group in the admin list of the [homes] > > > share. The problem is that the copied files then are owned by root. > > > I know this is normal unix behavior. However we want the copied files > to > > > be owned by the user of the homeshare. > > > > > > I read the samba howto section "Users Cannot Write to a Public Share". > > > Although I want to set the owner on the home shares and not on a > public > > > share. > > > The mentioned section however does not seem to work on Redhat 7.3 nor > RH > > > AS 3 ? > > > The group gets set correctly (gets changed to the group who owned the > > > directory) but the user stays the same. > > > I am wondering if this is a particular issue with the Redhat > distribution > > > or something else ? > > > > > > For now I tried this "solution" : > > > > > > in [homes] : > > > root preexec = chown -R %S %P > > > > > > This works but I wonder if this is good solution ? > > > > > > > > > Christian > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions on home directories and admin user copying files to it
Hi Aaron, Thanks for your answer. I already set the create mask for files and directories : for files 0600 --> user can only write and read for directories 0700 --> directories can be read and entered (executed) by the user This however only sets the rights and not the ownership. The problem arises when an admin (in the adminlist) copies files from another drive/share/... to the home share of a user via samba. These copied files have then as owner root. The effect of this (0600 and root ) is that the user can not read or write to this file. This is in fact a test server for a customer. What they actually want is the behavior of windows : the copied files inherit the rights of the directory where they are created. eg : homedir : 0700 owner : "the user" group "domain users" The admin copies or created a file example.txt in homedir. --> rights of example.txt : 0600 owner "the user" group "domain users" The group ownership is possible with chmod g+s homedir or chmod 2700 homedir. If I would set a create mask for files as 0660 and for directories 0770 the problem would be solved but I wanted the restrict the rights to the ones set. And I don't want to maintain private groups (ala redhat) for these users. I am just wondering how other people do this with admins which don't know anything about unix file permissions ? Regards, Christian Aaron Collins <[EMAIL PROTECTED]> wrote on 13/11/2003 21:19:13: > > You should have a look at the create mask option, it says what the > default permissions should be on files that get created. This will > override the default unix behavior. > See also inherit permissions , directory mask, force create mode and > force directory mode I think these are the options your looking for in > your smb.conf > > -Aaron c > > On Thu, 2003-11-13 at 11:40, Christian Nabski wrote: > > We want to copy files with the group in the admin list of the [homes] > > share. The problem is that the copied files then are owned by root. > > I know this is normal unix behavior. However we want the copied files to > > be owned by the user of the homeshare. > > > > I read the samba howto section "Users Cannot Write to a Public Share". > > Although I want to set the owner on the home shares and not on a public > > share. > > The mentioned section however does not seem to work on Redhat 7.3 nor RH > > AS 3 ? > > The group gets set correctly (gets changed to the group who owned the > > directory) but the user stays the same. > > I am wondering if this is a particular issue with the Redhat distribution > > or something else ? > > > > For now I tried this "solution" : > > > > in [homes] : > > root preexec = chown -R %S %P > > > > This works but I wonder if this is good solution ? > > > > > > Christian > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] file permissions on home directories and admin user copying files to it
We want to copy files with the group in the admin list of the [homes] share. The problem is that the copied files then are owned by root. I know this is normal unix behavior. However we want the copied files to be owned by the user of the homeshare. I read the samba howto section "Users Cannot Write to a Public Share". Although I want to set the owner on the home shares and not on a public share. The mentioned section however does not seem to work on Redhat 7.3 nor RH AS 3 ? The group gets set correctly (gets changed to the group who owned the directory) but the user stays the same. I am wondering if this is a particular issue with the Redhat distribution or something else ? For now I tried this "solution" : in [homes] : root preexec = chown -R %S %P This works but I wonder if this is good solution ? Christian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File Permissions
hi, see example but chmod -R 0777 /files/pub on linux before note this maybe a security problem ## Section - [files] [files] readonly = No cscpolicy = disable comment = public files browseable = yes writeable = yes path = /files/pub guestok = yes - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 31, 2003 5:20 PM Subject: [Samba] File Permissions > I have set up Samba so that all users on my small network can read from my > one of my Linux shares as well as write to that share. > > However, when user A saves a file to that share, user B can't open it -- and > vice versa. How can I set up samba so that all files written to that share can > be read, modified, and deleted by all users? > > Thanks in advance for an answer to this question. > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File Permissions
I have set up Samba so that all users on my small network can read from my one of my Linux shares as well as write to that share. However, when user A saves a file to that share, user B can't open it -- and vice versa. How can I set up samba so that all files written to that share can be read, modified, and deleted by all users? Thanks in advance for an answer to this question. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] file permissions
hi thanks i think that will do the trick, just out of interest is the root ownership thing a bug, or something windows has done? rob carter -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions
On Mon, 2003-09-29 at 07:17, rob wrote: > Hi > > i'm using samba as a file print server on suse 7.3, clients are windoze > 95,2K,XP. > > basic problem is that sometimes the files created from a windows client have > a ownership of root, this causes problems mainly with backup programs (as it > affects/prevents the unix - dos archive bit mapping) as I don't then own > it), i havn't set up a user root on the windows systems so how can this > happen? i think this could happen as a result of the sticky bit being set on the directory. it could also be a force user or some other clause in the smb.conf... try to duplicate the problem and capture a level3 log of what is happening so you can understand it. > > btw if i set valid users to a set of user names this problem seems to go > away, can anybody advise why the 'root' name appears hmm do you have administrator mapped to root in a username map? > > as an aside how do i clear a username/password for a network share in > windoze, as just deleting the share doesn't seemd to do this. I'm not sure about this one -- but i think net use /d may work... brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] file permissions
Hi i'm using samba as a file print server on suse 7.3, clients are windoze 95,2K,XP. basic problem is that sometimes the files created from a windows client have a ownership of root, this causes problems mainly with backup programs (as it affects/prevents the unix - dos archive bit mapping) as I don't then own it), i havn't set up a user root on the windows systems so how can this happen? btw if i set valid users to a set of user names this problem seems to go away, can anybody advise why the 'root' name appears as an aside how do i clear a username/password for a network share in windoze, as just deleting the share doesn't seemd to do this. thanks for any help rob Carter [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File Permissions
Samba List: I am running samba on Rh Linux 7.1 with samba 2.0.10. I have shares I want to force the user group ownerships with as well as setting file permissions. I have been using force user = and force group = and have been able to get new files to have this ownership. I have tried using create mask = 775 but when I create a file on this share through windows I get a file 765 permissions. How do I correct this to get the permissions the way I want? Bruce Embrey Bruce Edward Embrey : Linux Systems Manager Campus Email Admin : UNIX / Linux Administrator Hood College : [EMAIL PROTECTED] : Phone (301)696-3927 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] file permissions
What I've done to try to address this (and it seems to be working) is to: 1. add all of the users to a common group 2. chown the directory above the file to the group 3. chmod -R g+s the directory above the file 4. addinherit permissions = yes to smb.conf > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > Richard Clemens > Sent: Tuesday, February 25, 2003 16:10 > To: [EMAIL PROTECTED] > Subject: [Samba] file permissions > > > Hello, > > I am having problems with multiple users being able to access the same > file on a samba volume. > > I tried assigning the three users and the document all to a single group > with no luck. > > So far we have had to chmod 777 the doc just to be able to read it. > when a change is made the doc is reverted to the last person who > changed it making it impossible for the next user to edit it. in > addition, the group is changed back to the original settings as well. > > TIA > Rich > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] file permissions
Hello, I am having problems with multiple users being able to access the same file on a samba volume. I tried assigning the three users and the document all to a single group with no luck. So far we have had to chmod 777 the doc just to be able to read it. when a change is made the doc is reverted to the last person who changed it making it impossible for the next user to edit it. in addition, the group is changed back to the original settings as well. TIA Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] File Permissions
I know I've seen the answer to this problem, even this week. Have you searched the mail archives? It had something to do with setting the sticky bit on the directory. Search and you will find. Josh -Original Message- From: kumar annamalai [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 7:05 AM To: [EMAIL PROTECTED] Subject: [Samba] File Permissions Hi All I am using the PVCS application for the version control and this is in turn stored onto the unix system. We map it onto the windows using samba and use the same. my concern is when i use the pvcs , the files will be limited to the owners (unix) only and others will not be given privileges to use the same. If i want the others also to access the same i need to give the group permission also , but when given group permission the user will be free to delete the files too which cannot be tracked. is there any way to give users full access but the user should be restricted from deletion. Your response will be highly appreciated. Pls do the needfull . Thanks Regds Kumar __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File Permissions
Hi All I am using the PVCS application for the version control and this is in turn stored onto the unix system. We map it onto the windows using samba and use the same. my concern is when i use the pvcs , the files will be limited to the owners (unix) only and others will not be given privileges to use the same. If i want the others also to access the same i need to give the group permission also , but when given group permission the user will be free to delete the files too which cannot be tracked. is there any way to give users full access but the user should be restricted from deletion. Your response will be highly appreciated. Pls do the needfull . Thanks Regds Kumar __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] file permissions
> you need to join admin and joe to the smbusers group > and set the permissions on user1 and user2 to at least 775 > for that to happen. Does this mean add them to the admins group? I have already done that, if it means something different can you please give more detailed explanation. nope i was saying you should make all of these user's files write accessable to each other - but in light of your comments below i don't think that is what you want. > > I think that is an unusual configuration though - most users have > exclusive write access to their home dirs (only root can also write > there) > This unusual config may be because Im looking at things from a windoze > network poing of view. Take a small office situation for example: an office > manager and some workers. The workers need only access to thier > directories, but the office manage may need to save files for the workers to > correct or retype or what ever. > What would be the prefered way of setting groups and permissions for a > situation loke this? I think the usual way is to put users into their own group and managers into their own group the user directories would be owned by the users but the group is that of the managers That way no user can touch another user's files. Using your example drwxr xr x admin admins admin drwxr xr x joe admins joe drwxrwxr x user1 admins user1 drwxrwxr x user2 admins user2 if you need a place for members of smbusers to share files with each other you can add a shared directory owned by root with group smbusers and permissions 770 > you could make joe and admin admin users using the > admin users directive if you already did this and joe and "admin" dont have write access to everything then something is wrong. brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] file permissions
-Original Message- From: Bradley W. Langhorst [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 25, 2002 5:12 PM To: David McBride Cc: Samba "email list (E-mail) Subject: Re: [Samba] file permissions On Thu, 2002-04-25 at 17:41, David McBride wrote: > I have got my Samba file shareing to work, now I can not seem to get the > permissions worked out like I would like. > I would like admin and joe to have read and write access to all 4 folders. > When I try to write to any folder except admin logged in as admin I can not > write. you need to join admin and joe to the smbusers group and set the permissions on user1 and user2 to at least 775 for that to happen. Does this mean add them to the admins group? I have already done that, if it means something different can you please give more detailed explanation. I think that is an unusual configuration though - most users have exclusive write access to their home dirs (only root can also write there) This unusual config may be because Im looking at things from a windoze network poing of view. Take a small office situation for example: an office manager and some workers. The workers need only access to thier directories, but the office manage may need to save files for the workers to correct or retype or what ever. What would be the prefered way of setting groups and permissions for a situation loke this? you could make joe and admin admin users using the admin users directive > Can some one direct me to a detailed document on how Linux handles file > permissions or the best way to do samba fiel permissions. samba file perms ARE linux file permissionns (unless you are using ACLs) have a look at http://www.onlamp.com/pub/a/bsd/2000/09/06/FreeBSD_Basics.html > BTW why does directory . and .. have different permissions? because . refers to "this" directory and .. refers to the one above "this" one. and they may have different permissions > > Users: admin, joe, user1, user2 > Groups:admins, joe > Smbusers:user01, user02 > Group membership:admins-admin, joe smbusers-user01, user02 > File permissions of data directory: > drwxrwxrwxrootroot. > drwxr xr x rootroot.. > drwxr xr x admin admins admin > drwxr xr x joe admins joe > drwxr xr x user1 smbusersuser1 > drwxr xr x user2 smbusersuser2 something is wrong with these - too many spaces between r and x for group and other. I just did that to make all the columbs line up. brad Thanks again, David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions
On Thu, 2002-04-25 at 17:41, David McBride wrote: > I have got my Samba file shareing to work, now I can not seem to get the > permissions worked out like I would like. > I would like admin and joe to have read and write access to all 4 folders. > When I try to write to any folder except admin logged in as admin I can not > write. you need to join admin and joe to the smbusers group and set the permissions on user1 and user2 to at least 775 for that to happen. I think that is an unusual configuration though - most users have exclusive write access to their home dirs (only root can also write there) you could make joe and admin admin users using the admin users directive > Can some one direct me to a detailed document on how Linux handles file > permissions or the best way to do samba fiel permissions. samba file perms ARE linux file permissionns (unless you are using ACLs) have a look at http://www.onlamp.com/pub/a/bsd/2000/09/06/FreeBSD_Basics.html > BTW why does directory . and .. have different permissions? because . refers to "this" directory and .. refers to the one above "this" one. and they may have different permissions > > Users: admin, joe, user1, user2 > Groups:admins, joe > Smbusers:user01, user02 > Group membership:admins-admin, joe smbusers-user01, user02 > File permissions of data directory: > drwxrwxrwxrootroot. > drwxr xr x rootroot.. > drwxr xr x admin admins admin > drwxr xr x joe admins joe > drwxr xr x user1 smbusersuser1 > drwxr xr x user2 smbusersuser2 something is wrong with these - too many spaces between r and x for group and other. brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] file permissions
I have got my Samba file shareing to work, now I can not seem to get the permissions worked out like I would like. I would like admin and joe to have read and write access to all 4 folders. When I try to write to any folder except admin logged in as admin I can not write. Can some one direct me to a detailed document on how Linux handles file permissions or the best way to do samba fiel permissions. BTW why does directory . and .. have different permissions? File structure: Data \ }--admin }-joe }-user01 }-user02 Users: admin, joe, user1, user2 Groups:admins, joe Smbusers:user01, user02 Group membership:admins-admin, joe smbusers-user01, user02 File permissions of data directory: drwxrwxrwx rootroot. drwxr xr xrootroot.. drwxr xr xadmin admins admin drwxr xr xjoe admins joe drwxr xr xuser1 smbusersuser1 drwxr xr xuser2 smbusersuser2 Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba