Re: [Samba] User cannot get into own directory with 700 permissions
Colin Fowler wrote: If I create a directory with 700 permissions owned by me with the group set to my primary group I *cannot* get into the directory from my windows machine. I can of course get into it from unix If however I set the mode to 740, I can get into it from windows Samba version is 3.6.5 running on Debian squeeze and is installed from the backports repository. Below is a snippet of the log file at log level 5 from when I try to access the directory 700_dir_cfowler_staff any help much appreciated! You create the directory on your unix box with 700 permissions. How did you mount the partition?? I.e. How does it know that the 'you' on your win-sys is the same 'you' as the you on your linux box? Case in point -- I have at least 2 'you's, that I am... one is in my domain, the other is on the workstation. The one in the domain is the same one as on the linux server, but the login with the same name on my workstation is NOT the same user -- one is linda@workstation, while the other is linda@domain. Now you can put both of those users in the same group...and have files delegated by group (which is how I try to manage sharing -- but it doesn't always work because windows progs don't know to give access by group --- I mean giving access to a group -- to say some software -- that would be like piracy --- (*cough*), -- windows has always wanted to charge by the user AND by the machine -- so the windows you install on 1 machine isn't really yours to use on another. So it was in their interest to allow as little universal ID's as possible unless you paid extra, for per-person licensing that was sold to businesses at a premium price... maybe you get the picture??... You can either try to make do with groups -- or try to bring up your linux box as a domain server -- if you already have it set as a domain server, um...I think 'deny-access' entries get ordered before permission entries, so if it took out your group access with a deny, that's another possibility. Hopefully this gives you a few places to look...(can't say alot, as my own setup is held together with duck-tape and paper clips... and isn't always the most stable (understatement)... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] User cannot get into own directory with 700 permissions
If I create a directory with 700 permissions owned by me with the group set to my primary group I *cannot* get into the directory from my windows machine. I can of course get into it from unix If however I set the mode to 740, I can get into it from windows Samba version is 3.6.5 running on Debian squeeze and is installed from the backports repository. Below is a snippet of the log file at log level 5 from when I try to access the directory 700_dir_cfowler_staff any help much appreciated! [2012/06/15 10:24:25.700630, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 5978) conn 0x7fab011282a0 [2012/06/15 10:24:25.700932, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/06/15 10:24:25.701045, 5] smbd/filename.c:257(unix_convert) unix_convert called on file test2/700_dir_cfowler_staff [2012/06/15 10:24:25.701178, 5] smbd/files.c:126(file_new) allocated file structure 10381, fnum = 14477 (3 used) [2012/06/15 10:24:25.701296, 3] smbd/dosmode.c:159(unix_mode) unix_mode(test2/700_dir_cfowler_staff) returning 0740 [2012/06/15 10:24:25.701445, 4] smbd/open.c:2069(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0740, access_mask = 0x81, open_access_mask = 0x81 [2012/06/15 10:24:25.701655, 5] smbd/files.c:464(file_free) freed files structure 14477 (2 used) [2012/06/15 10:24:25.701770, 5] smbd/open.c:2597(open_directory) open_directory: opening directory test2/700_dir_cfowler_staff, access_mask = 0x81, share_access = 0x7 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x10 [2012/06/15 10:24:25.701960, 3] smbd/error.c:81(error_packet_set) error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [global] workgroup = FOO realm = FOO.BAR.COM interfaces = eth0, lo bind interfaces only = Yes security = DOMAIN log file = /var/log/samba/samba.log.%m unix extensions = No idmap config * : backend = tdb wide links = Yes log level = 5 [homes] comment = Home directories (%h) read only = No create mask = 0750 browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
