Re: [cifs-discuss] Prevent write access for guests
Thanks Alan, that at least narrows it down. I'll take this issue to Ubuntu support and see if they can come up with anything -- This message posted from opensolaris.org ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Prevent write access for guests
On 09/17/10 12:41 AM, Geoff wrote: Whoops, here's another file. I think I saved it right this time. There are no errors and no permission problems in the network capture. I suspect the 'operation not supported' problem may be something local on your client. Alan ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Prevent write access for guests
Hi Alan. I've attached a .cvs file exported from wireshark. It was captured as Picard attempted to move a single .flac file. Thanks but I need the binary (cap/pcap) version of the data. Alan ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Prevent write access for guests
Whoops, I may have spoken too soon! I'm still getting this error: (Error: [Errno 95] Operation not supported) when Picard tries to move some of my albums from my bravo_geoff share to my alpha_public share. And now I just got the same error when trying to Grsync some photos: rsync: mkstemp /home/geoff/.gvfs/alpha_public on zfs_fileserver/Photos/Geoff Photos/2010/07/12/.IMG_4482.JPG.zLnhR4 failed: Operation not supported (95) Since both these errors are identical, I would assume it's an issue with my server permissions. Does that sound about right? -- This message posted from opensolaris.org ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Prevent write access for guests
That's good news on the permissions front. For the move operation, a network capture might help identify what's going wrong. Does Musicbrainz Picard exhibit the same problem if you run it on a Windows client? Alan Original Message Subject: Re: [cifs-discuss] Prevent write access for guests Date: Mon, 06 Sep 2010 22:26:34 PDT From: Geoff no-re...@opensolaris.org To: cifs-discuss@opensolaris.org Thanks Alan. I went through Jordan's link yesterday, and your posts have really reinforced what I read. I'm slowly starting to understand ACLs. I set my permission as such: /usr/bin/chmod -R A=owner@:full_set:file_inherit/dir_inherit:allow,everyone@:read_set/execute:file_inherit/dir_inherit:allow /alpha/public and did the same for /bravo/geoff (my private share, which doesn't have guest access). It seems all is working well. Windows guests can only read files, while I have full access after I log in from my Ubuntu client. I have run into a problem though. It seems that a program I use to tag music (Musicbrainz Picard) fails when trying to move files from my /bravo/geoff share to my /alpha/public share. It fails even though I'm logged in to the shares from Ubuntu and can create, delete, copy, and move files with no problem in Nautilus. The program also has no problem moving files from my client to the shares, but as soon as I try to move files between the shares, it gives an error. Any ideas? Are there SMB logs I can check to see if it's a server issue? ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Prevent write access for guests
Ah, I think it was due to me having Replace Windows-incompatible characters unchecked. The error message Picard output led me to believe it was a permissions problem. Seems to be working now :) -- This message posted from opensolaris.org ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Prevent write access for guests
Geoff wrote: I've noticed that my access to the share from Ubuntu is spotty to say the least Error: DBus error org.freedesktop.DBus.Error.NoReply: ... I'm not sure if this is a problem with the server or my client. Accessing the share from Windows clients is much more reliable. I suspect a Gnome problem on the Ubuntu system - perhaps a question for Ubuntu support. I can't seem to dig up any info on chmod A do you have any resources on this? A google search for ZFS ACL should return lots of hits. Mark's blog is a good place to start: http://blogs.sun.com/marks/entry/zfs_acls I've written about this in previous discussion threads. For example: http://opensolaris.org/jive/thread.jspa?threadID=132936tstart=0 Instead of chmod 755: /bin/chmod A=owner@:full_set:fd:allow path /bin/chmod A+everyone@:read_set/execute:fd:allow path Instead of chmod 644: /bin/chmod A=owner@:modify_set:fd:allow path /bin/chmod A+everyone@:read_set:fd:allow path Alan ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Prevent write access for guests
Also: Chapter 8 Using ACLs to Protect ZFS Files http://docs.sun.com/app/docs/doc/819-5461/ftyxi?a=view Jordan Brown wrote: [ Jumping in so we can maybe get in another exchange over the weekend ] Geoff wrote: I can't seem to dig up any info on chmod A do you have any resources on this? See the chmod(1) manual page. If you don't have it handy, you can find it at http://docs.sun.com/app/docs/doc/816-5165/chmod-1?l=alla=view Scroll down to ACL Operation and, under that, to NFSv4 ACL Specification. Alternatively, you can use Windows tools to set the ACLs. That's often easier. The -v option to ls will show the ACL on a file or directory. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Prevent write access for guests
Thanks Alan. I went through Jordan's link yesterday, and your posts have really reinforced what I read. I'm slowly starting to understand ACLs. I set my permission as such: /usr/bin/chmod -R A=owner@:full_set:file_inherit/dir_inherit:allow,everyone@:read_set/execute:file_inherit/dir_inherit:allow /alpha/public and did the same for /bravo/geoff (my private share, which doesn't have guest access). It seems all is working well. Windows guests can only read files, while I have full access after I log in from my Ubuntu client. I have run into a problem though. It seems that a program I use to tag music (Musicbrainz Picard) fails when trying to move files from my /bravo/geoff share to my /alpha/public share. It fails even though I'm logged in to the shares from Ubuntu and can create, delete, copy, and move files with no problem in Nautilus. The program also has no problem moving files from my client to the shares, but as soon as I try to move files between the shares, it gives an error. Any ideas? Are there SMB logs I can check to see if it's a server issue? -- This message posted from opensolaris.org ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Prevent write access for guests
[ Jumping in so we can maybe get in another exchange over the weekend ] Geoff wrote: I can't seem to dig up any info on chmod A do you have any resources on this? See the chmod(1) manual page. If you don't have it handy, you can find it at http://docs.sun.com/app/docs/doc/816-5165/chmod-1?l=alla=view Scroll down to ACL Operation and, under that, to NFSv4 ACL Specification. Alternatively, you can use Windows tools to set the ACLs. That's often easier. The -v option to ls will show the ACL on a file or directory. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Prevent write access for guests
If the account with which you are logged into your client is valid on the server (or domain) your connection will be based on that account rather than guest. Windows clients always send your desktop login credentials unless you tell the client to map the share as a different user, and guest access is only checked if all other authentication options have failed. If you are accessing ZFS from Windows clients I'd recommend setting permissions using the chmod A option rather than the traditional UNIX permissions to avoid spurious access issues. There are aliases to get the appropriate permissions: 7 - full_set 5 - read_set/execute 4 - read_set Alan Original Message Subject: [cifs-discuss] Prevent write access for guests Date: Sat, 04 Sep 2010 00:42:16 -0700 (PDT) From: Geoff no-re...@opensolaris.org To: cifs-discuss@opensolaris.org I guess I'm not just understanding permissions/ACLs. I have a share that I'm using to serve music, videos, etc. to the rest of my household: zfs zfs/alpha/public smb=(guestok=true) alpha_public=/alpha/public I basically want to give everyone except me read-only access. The directories are chmod'ed to 755 and the files to 644. Yet if I access the share over the network I'm able to create, delete, rename files and folders without ever logging in. What am I doing wrong here? ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss