RE: [Samba] group and user permissions issue.
I thought I had this sorted, However there is still a problem - Force group greated the file with the group I required but also gave everyone logging onto the share group access rights. If I take away the force group then the group is set to the user primary group. and the teachers group can't read the file. what I require is for the group to be set to teachers on file creation with no other implications. (if i use force group +teachers then the force only occurs if the logon user is a member of teachers , no use either) Ian Thanks Steve I had clearly misunderstood the scope of force user. ( actually, it was force group ) but the principle is still the same. Tha ctual solution was to remove the line force group = teachers the rights then followed as expected. Ian Ian, You appear to be incorrectly using the force user parameter. From the smb.conf documentation: force user (S) This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems. This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be performed as the forced user, no matter what username the client connected as. This can be very useful. This clearly explains the results you have achieved. Steve Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -Original Message- From: Ian Warburton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 22, 2004 1:37 PM To: [EMAIL PROTECTED] Subject: [Samba] group and user permissions issue. I have browsed through loads of archive material and cant seem to find anywhere where this exact issue has been posted. am using samba 2.28 set up as an NT domain, there are no problems with the general configuration. My issue is witb samba not following the permissons I have set on files in a shared directory. Purpose: set up a directory for students and teachers where students can leave files and only edit their own files, teachers can edit all files. unix permissions for files are like this -rwxrw1 student1 teachers6 Jun 22 18:22 S1.txt* -rwxrw1 student3 teachers 17 Jun 22 18:21 S3.txt* -rwxrw1 student3 teachers8 Jun 22 18:21 student3.txt* therefore students can edit their own files and teachers in the group teachers can also edit the files. I create a share in samba ie: [Student_GiveWorkIn] user = %U path = /home/Give_work_in create mode = 750 write list = %U only user = yes force group = teachers this works however students using this share can edit each others files. if I set the permissions to : -rwxr-1 student1 teachers2 Jun 22 16:34 S1.txt* -rwxr-1 student3 teachers8 Jun 22 17:12 S3.txt* -rwxr-1 student3 teachers0 Jun 22 15:39 student3.txt* then students can edit their own files and no one elses, but the teachers group can't edit them either ie chmod g+w seems to mean that samba gives group access to the students as well as the teachers, when only the teachers should have access. I am at a loss to explain this behaviour. Ian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _ This message was content-scanned by IXC Shield Powered by GatewayDefender - BG0b1bd641.0001.mml -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] group and user permissions issue.
Ian, I refer you to section 12.2.3 of the Samba HOWTO Collection. Specifically look at the information concerning the group ID bit (SGID). You can use the file system permissions and controls in such a way that all the files created will be owned by the same group (teachers). This is also covered nicely in John Terpstra's book Samba-3 By Example. Steve Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -Original Message- From: Ian Warburton [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 23, 2004 8:14 AM To: [EMAIL PROTECTED] Cc: Aden, Steve; [EMAIL PROTECTED] Subject: RE: [Samba] group and user permissions issue. I thought I had this sorted, However there is still a problem - Force group greated the file with the group I required but also gave everyone logging onto the share group access rights. If I take away the force group then the group is set to the user primary group. and the teachers group can't read the file. what I require is for the group to be set to teachers on file creation with no other implications. (if i use force group +teachers then the force only occurs if the logon user is a member of teachers , no use either) Ian Thanks Steve I had clearly misunderstood the scope of force user. ( actually, it was force group ) but the principle is still the same. Tha ctual solution was to remove the line force group = teachers the rights then followed as expected. Ian Ian, You appear to be incorrectly using the force user parameter. From the smb.conf documentation: force user (S) This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems. This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be performed as the forced user, no matter what username the client connected as. This can be very useful. This clearly explains the results you have achieved. Steve Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -Original Message- From: Ian Warburton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 22, 2004 1:37 PM To: [EMAIL PROTECTED] Subject: [Samba] group and user permissions issue. I have browsed through loads of archive material and cant seem to find anywhere where this exact issue has been posted. am using samba 2.28 set up as an NT domain, there are no problems with the general configuration. My issue is witb samba not following the permissons I have set on files in a shared directory. Purpose: set up a directory for students and teachers where students can leave files and only edit their own files, teachers can edit all files. unix permissions for files are like this -rwxrw1 student1 teachers6 Jun 22 18:22 S1.txt* -rwxrw1 student3 teachers 17 Jun 22 18:21 S3.txt* -rwxrw1 student3 teachers8 Jun 22 18:21 student3.txt* therefore students can edit their own files and teachers in the group teachers can also edit the files. I create a share in samba ie: [Student_GiveWorkIn] user = %U path = /home/Give_work_in create mode = 750 write list = %U only user = yes force group = teachers this works however students using this share can edit each others files. if I set the permissions to : -rwxr-1 student1 teachers2 Jun 22 16:34 S1.txt* -rwxr-1 student3 teachers8 Jun 22 17:12 S3.txt* -rwxr-1 student3 teachers0 Jun 22 15:39 student3.txt* then students can edit their own files and no one elses, but the teachers group can't edit them either ie chmod g+w seems to mean that samba gives group access to the students as well as the teachers, when only the teachers should have access. I am at a loss to explain this behaviour. Ian -- To unsubscribe
RE: [Samba] group and user permissions issue.
Ian, You appear to be incorrectly using the force user parameter. From the smb.conf documentation: force user (S) This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems. This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be performed as the forced user, no matter what username the client connected as. This can be very useful. This clearly explains the results you have achieved. Steve Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -Original Message- From: Ian Warburton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 22, 2004 1:37 PM To: [EMAIL PROTECTED] Subject: [Samba] group and user permissions issue. I have browsed through loads of archive material and cant seem to find anywhere where this exact issue has been posted. am using samba 2.28 set up as an NT domain, there are no problems with the general configuration. My issue is witb samba not following the permissons I have set on files in a shared directory. Purpose: set up a directory for students and teachers where students can leave files and only edit their own files, teachers can edit all files. unix permissions for files are like this -rwxrw1 student1 teachers6 Jun 22 18:22 S1.txt* -rwxrw1 student3 teachers 17 Jun 22 18:21 S3.txt* -rwxrw1 student3 teachers8 Jun 22 18:21 student3.txt* therefore students can edit their own files and teachers in the group teachers can also edit the files. I create a share in samba ie: [Student_GiveWorkIn] user = %U path = /home/Give_work_in create mode = 750 write list = %U only user = yes force group = teachers this works however students using this share can edit each others files. if I set the permissions to : -rwxr-1 student1 teachers2 Jun 22 16:34 S1.txt* -rwxr-1 student3 teachers8 Jun 22 17:12 S3.txt* -rwxr-1 student3 teachers0 Jun 22 15:39 student3.txt* then students can edit their own files and no one elses, but the teachers group can't edit them either ie chmod g+w seems to mean that samba gives group access to the students as well as the teachers, when only the teachers should have access. I am at a loss to explain this behaviour. Ian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _ This message was content-scanned by IXC Shield Powered by GatewayDefender - BG0b1bd641.0001.mml -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
