subject:"\[Samba\] Need help with share permissions"

Re: [Samba] Need help with share permissions

2012-10-05 Thread Andreas Oster

Am 05.10.2012 21:11, schrieb Jeremy Allison:
> Hmmm. The :
> 
> force directory mode = 0770
> directory mask = 0770
> 
> setting should do the trick. Are you also storing
> the DOS attributes in EA's ? You probably also
> need that to prevent UNIX permission modification.
> 
> Try adding:
> 
>store dos attributes = yes
>map readonly = no
>map system = no
>map hidden = no
>map archive = no
> 
> and re-test creating a new directory.
> 
> Jeremy.
> -- To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Hello Jeremy,

thank you for your reply. Unfortunately these settings did not help.
Directories still will have 0750 permission and now this does not change
to 0770 when doing a renaming. Files will now be created with 0640
instead of 0660.

Here the output of testparm :

[global]
workgroup = MYDOM
realm = MYDOM.DE
server string = %h server (Samba, Ubuntu)
security = ADS
map to guest = Bad User
obey pam restrictions = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
max protocol = SMB2
printcap name = cups
dns proxy = No
wins support = Yes
panic action = /usr/share/samba/panic-action %d
template homedir = /shares/homes/%U
template shell = /bin/sh
winbind cache time = 10
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind offline logon = Yes
idmap config *:range = 1-2
idmap config MYDOM:range = 1-2
idmap config MYDOM:backend = rid
idmap config * : backend = tdb
use client driver = Yes
map archive = No
map readonly = no
store dos attributes = Yes

[homes]
comment = Home Directories
valid users = %S
write list = %S, "+MYDOM\Domain Admins"
force group = "MYDOM\Domain Users"
create mask = 0770
directory mask = 0770
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print ok = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers

[Pictures]
comment = Pictures auf TICKSMB3
path = /shares/pictures
valid users = +MYDOM\Pictures, "+MYDOM\Domain Admins"
force group = "MYDOM\Pictures"
read only = No
create mask = 0660
force create mode = 0660
directory mask = 0770
force directory mode = 0770

Thank you for your kind help.

best regards

Andreas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Need help with share permissions

2012-10-05 Thread Jeremy Allison

On Fri, Oct 05, 2012 at 03:42:24PM +0200, Andreas Oster wrote:
> Hello all,
> 
> I am struggling to get share permissions to work properly.
> I am currently using samba 3.6.3 with AD integration.
> 
> I want to force the following permissions:
> 
> - created/renamed/copied directories: 0770
> - created/renamed/copied files: 0660
> - file permissions should not be editable by Windows users.
> 
> I have tried a lot of different combinations of parameters but failed to
> get the desired permissions. Most of the time I end up with 0660 for
> newly created files and 0750 for newly created directories. When I
> rename a just created directory permission changes to 0770.
> 
> At the moment I have this in my test share:
> 
> 
> force group = "MYDOM\test"
> force create mode = 0660
> create mask = 0660
> force directory mode = 0770
> directory mask = 0770

Hmmm. The :

force directory mode = 0770
directory mask = 0770

setting should do the trick. Are you also storing
the DOS attributes in EA's ? You probably also
need that to prevent UNIX permission modification.

Try adding:

   store dos attributes = yes
   map readonly = no
   map system = no
   map hidden = no
   map archive = no

and re-test creating a new directory.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Need help with share permissions

2012-10-05 Thread Andreas Oster

Hello all,

I am struggling to get share permissions to work properly.
I am currently using samba 3.6.3 with AD integration.

I want to force the following permissions:

- created/renamed/copied directories: 0770
- created/renamed/copied files: 0660
- file permissions should not be editable by Windows users.

I have tried a lot of different combinations of parameters but failed to
get the desired permissions. Most of the time I end up with 0660 for
newly created files and 0750 for newly created directories. When I
rename a just created directory permission changes to 0770.

At the moment I have this in my test share:


force group = "MYDOM\test"
force create mode = 0660
create mask = 0660
force directory mode = 0770
directory mask = 0770


Thank you for your kind help

best regards

Andreas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Need help with share permissions

Re: [Samba] Need help with share permissions

[Samba] Need help with share permissions

3 matches

Site Navigation

Mail list logo

Footer information