[Samba] file permissions on home directories and admin user copying files to it
We want to copy files with the group in the admin list of the [homes] share. The problem is that the copied files then are owned by root. I know this is normal unix behavior. However we want the copied files to be owned by the user of the homeshare. I read the samba howto section Users Cannot Write to a Public Share. Although I want to set the owner on the home shares and not on a public share. The mentioned section however does not seem to work on Redhat 7.3 nor RH AS 3 ? The group gets set correctly (gets changed to the group who owned the directory) but the user stays the same. I am wondering if this is a particular issue with the Redhat distribution or something else ? For now I tried this solution : in [homes] : root preexec = chown -R %S %P This works but I wonder if this is good solution ? Christian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions on home directories and admin user copying files to it
Hi Aaron, Thanks for your answer. I already set the create mask for files and directories : for files 0600 -- user can only write and read for directories 0700 -- directories can be read and entered (executed) by the user This however only sets the rights and not the ownership. The problem arises when an admin (in the adminlist) copies files from another drive/share/... to the home share of a user via samba. These copied files have then as owner root. The effect of this (0600 and root ) is that the user can not read or write to this file. This is in fact a test server for a customer. What they actually want is the behavior of windows : the copied files inherit the rights of the directory where they are created. eg : homedir : 0700 owner : the user group domain users The admin copies or created a file example.txt in homedir. -- rights of example.txt : 0600 owner the user group domain users The group ownership is possible with chmod g+s homedir or chmod 2700 homedir. If I would set a create mask for files as 0660 and for directories 0770 the problem would be solved but I wanted the restrict the rights to the ones set. And I don't want to maintain private groups (ala redhat) for these users. I am just wondering how other people do this with admins which don't know anything about unix file permissions ? Regards, Christian Aaron Collins [EMAIL PROTECTED] wrote on 13/11/2003 21:19:13: You should have a look at the create mask option, it says what the default permissions should be on files that get created. This will override the default unix behavior. See also inherit permissions , directory mask, force create mode and force directory mode I think these are the options your looking for in your smb.conf -Aaron c On Thu, 2003-11-13 at 11:40, Christian Nabski wrote: We want to copy files with the group in the admin list of the [homes] share. The problem is that the copied files then are owned by root. I know this is normal unix behavior. However we want the copied files to be owned by the user of the homeshare. I read the samba howto section Users Cannot Write to a Public Share. Although I want to set the owner on the home shares and not on a public share. The mentioned section however does not seem to work on Redhat 7.3 nor RH AS 3 ? The group gets set correctly (gets changed to the group who owned the directory) but the user stays the same. I am wondering if this is a particular issue with the Redhat distribution or something else ? For now I tried this solution : in [homes] : root preexec = chown -R %S %P This works but I wonder if this is good solution ? Christian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file permissions on home directories and admin user copying files to it
So the only way to do this would be like in my initial mail ? in [homes] : root preexec = chown -R %S %P John H Terpstra [EMAIL PROTECTED] wrote on 14/11/2003 02:34:06: On Fri, 14 Nov 2003, Christian Nabski wrote: Hi Aaron, Thanks for your answer. I already set the create mask for files and directories : for files 0600 -- user can only write and read for directories 0700 -- directories can be read and entered (executed) by the user This however only sets the rights and not the ownership. The problem arises when an admin (in the adminlist) copies files from another drive/share/... to the home share of a user via samba. These copied files have then as owner root. The effect of this (0600 and root ) is that the user can not read or write to this file. Correct. The same happens when root copies files under UNIX. If you copy them as a normal user this does not happen. Root always overrides UNIX security. - John T. This is in fact a test server for a customer. What they actually want is the behavior of windows : the copied files inherit the rights of the directory where they are created. eg : homedir : 0700 owner : the user group domain users The admin copies or created a file example.txt in homedir. -- rights of example.txt : 0600 owner the user group domain users The group ownership is possible with chmod g+s homedir or chmod 2700 homedir. If I would set a create mask for files as 0660 and for directories 0770 the problem would be solved but I wanted the restrict the rights to the ones set. And I don't want to maintain private groups (ala redhat) for these users. I am just wondering how other people do this with admins which don't know anything about unix file permissions ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0 problems with word files and possible other msoffice files
A follow-up on my own message. :-) I tried a few other things yesterday. A problem is also (like another poster said) that I don't see a difference in rights of some directories. With one dir word doesn't save the files and with another it does. So I have 2 directories in problem_share : problem_share|dir/dir1 -- word doesn't save the files (memory or disk space msword error) problem_share|dir/dir2 -- word saves without problem both dirs have the same rights. Now I tried this : - enabled all oplocks problem_share|dir/dir1 -- word saves the file ! but takes a long time to finalize (it looks like word has crashed but returns after approx 30s a 1min) problem_share|dir/dir2 -- word saves without problem (no delays) Finally I tried this : - enabled all oplocks and copied the files to a new directory Till now I heard no problems. Let's see how it behaves today and next week. The disk config is 4 disks in raid 5 with raid ctrl. I described the problem with 1 problem dir but there were also other directories with problems. Christian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0 problems with word files and possible other msoffice files
We have several problems with word files which I would really like to have solved. The users are getting restless and me too ... Situation : I can not reproduce the problem with my version and config of pc. But we have a group of people which use windows 2000 and msoffice 2000. They use only word with an addon which translates texts (these people are translators). The translator addon hooks in word and allows them to translate parts of the word documents to other languages. The server version is samba 3.0.0 on redhat 7.3 (kernel 2.4.18) Symptoms : - When they save some files they are error messages like : disk is write protected , format the media , invalid filename , etc ... This also happens on files which are not new and it doesn't happen always. - Also frequently these files are staying readonly (also after closing the file). A wild guess : - something is still wrong with the permissions although the unix rights are ok (user is member of group and group has rw rights). Maybe word still see the wrong rights and thinks it can not write. Word does not change the file to readwrite and the file stays readonly. Wrong guess ? - maybe turning off all oplocks is not such a good idea ? Notes : - We turned of all oplocks because of a sometimes not too reliable network was giving file corruption. - I read the faq and saw the explanation on word. This does not seem to be the problem ? All files have alway the same group and the people are member of it. So I guess the changing of rights part is ok. I tried the force group but also tried to turn this of and use ony bit set of the group. Same problems. If someone can shed a light on this we would be very grateful as I don't see a solution for the moment. regards, Christian Here is most of [global] and the problem share : [global] dos charset = CP850 unix charset = UTF-8 display charset = ISO8859-1 workgroup = COMPANY netbios name = FileSRV netbios aliases = netbios scope = server string = Company_name Samba %L [v%v] interfaces = bind interfaces only = No security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes hosts equiv = min passwd length = 6 map to guest = Never null passwords = No obey pam restrictions = Yes password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = ldapsam:ldap://our.ldapserver.com algorithmic rid base = 1000 root directory = guest account = nobody pam password change = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = No ntlm auth = Yes client NTLMv2 auth = No client lanman auth = Yes client plaintext auth = Yes preload modules = /usr/lib/libldap.so.2 log level = 2 syslog = 1 syslog only = No log file = /var/log/samba/log.%m max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No smb ports = 445 139 protocol = NT1 large readwrite = Yes max protocol = NT1 min protocol = NT1 unicode = Yes read bmpx = No read raw = Yes write raw = Yes disable netbios = No acl compatibility = nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts wins host bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = Yes unix extensions = Yes use spnego = Yes client signing = auto server signing = No client use spnego = Yes change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 kernel change notify = Yes lpq cache time = 10 max smbd processes = 0 paranoid server security = Yes max disk size = 0 max open files = 1 read size = 16384 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 use mmap = Yes hostname lookups = No name cache timeout = 660 load printers = Yes printcap name = cups disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = mangling method = hash2 mangle prefix = 1 mangled stack = 50 stat cache = Yes machine