[Samba] Question on read only behavior in smb.conf

[Sullivan, James (NIH/CIT)]

Hi All,

I've built Samba v2.2.8a on a RedHat 7.2 system and it seems to work ok.
However
I cannot understand the read only parameter in the following situation:

smb.conf file:
---
[global]
   security=user
   encrypt passwords=yes
[foo]
   path=/tmp/foo
   read only=yes
   
The ownermode of /tmp/foo is:
--
% ls -ld /tmp/foo
drwx-r-xr-x  3  joe  joe  1024  Sep  23  13:52  /tmp/foo

I've setup a smbpasswd file containing users joe and sue, both with
passwords.
I can connect to \\mymachine\foo as joe or sue ok from my Windows 2000
PC.  
I connect it to drive K: and can see all the files in /tmp/foo.

However: 
-when connected via samba as joe I can successfully paste files into
/tmp/foo. (not expected)
-when connected via samba as sue I cannot paste files into /tmp/foo.
(expected)

It appears the UNIX file permissions are overriding the Samba configuration.
I thought Samba worked the other way around but without allowing more rights
than the UNIX permissions provide.
In other words, why does joe have write access to a samba service defined
as read only in the samba configuration?

I also checked the Properties/Security of the share from my Windows 2000
PC and it says:
Allow   Joe Full Control
Allow   EveryoneRead  Execute

If this is how it is supposed to work then life gets difficult in the
following circumstance:
If I have a directory I want to make mountable from Samba as read only,
I need to be careful and check all directory and file permissions to ensure
no one connecting
via Samba will have a UNIX write permission that overrides the Samba setting
of read only.

Is this correct behavior for Samba?  Is there a way to make a service truely
read only no matter
who is connected and who ownes the files?  I also discovered that if sue's
group matches the group
ownership of /tmp/foo, then sue has write access IF /tmp/foo is group
writeable.

Thanks in advance.  Samba set up quickly and seems to work great, except for
this 
little bit of strangeness.  

-Jim


James E. Sullivan   |  Northrop Grumman IT 
Building 12B|  on site at: NIH/CIT/DCSS/SOSB
Room 2N207  |  Phone:301-451-6372
Bethesda, MD 20892  |  Email:[EMAIL PROTECTED]
   -

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Question on read only behavior in smb.conf

[Tom Schaefer]

It should behave as you expect, a read only share is a read only share period no 
matter what the UNIX permissions are.  At least thats been my experience with it and 
what the man page seems to suggest.  I am very surprised at what you are seeing.  

Tom Schaefer
UNIX Administrator
University of Missouri Saint Louis


On Fri, 26 Sep 2003 17:59:13 -0400
Sullivan, James (NIH/CIT) [EMAIL PROTECTED] wrote:

 Hi All,
 
 I've built Samba v2.2.8a on a RedHat 7.2 system and it seems to work ok.
 However
 I cannot understand the read only parameter in the following situation:
 
 smb.conf file:
 ---
 [global]
security=user
encrypt passwords=yes
 [foo]
path=/tmp/foo
read only=yes

 The ownermode of /tmp/foo is:
 --
 % ls -ld /tmp/foo
 drwx-r-xr-x  3  joe  joe  1024  Sep  23  13:52  /tmp/foo
 
 I've setup a smbpasswd file containing users joe and sue, both with
 passwords.
 I can connect to \\mymachine\foo as joe or sue ok from my Windows 2000
 PC.  
 I connect it to drive K: and can see all the files in /tmp/foo.
 
 However: 
 -when connected via samba as joe I can successfully paste files into
 /tmp/foo. (not expected)
 -when connected via samba as sue I cannot paste files into /tmp/foo.
 (expected)
 
 It appears the UNIX file permissions are overriding the Samba configuration.
 I thought Samba worked the other way around but without allowing more rights
 than the UNIX permissions provide.
 In other words, why does joe have write access to a samba service defined
 as read only in the samba configuration?
 
 I also checked the Properties/Security of the share from my Windows 2000
 PC and it says:
 Allow Joe Full Control
 Allow EveryoneRead  Execute
 
 If this is how it is supposed to work then life gets difficult in the
 following circumstance:
 If I have a directory I want to make mountable from Samba as read only,
 I need to be careful and check all directory and file permissions to ensure
 no one connecting
 via Samba will have a UNIX write permission that overrides the Samba setting
 of read only.
 
 Is this correct behavior for Samba?  Is there a way to make a service truely
 read only no matter
 who is connected and who ownes the files?  I also discovered that if sue's
 group matches the group
 ownership of /tmp/foo, then sue has write access IF /tmp/foo is group
 writeable.
 
 Thanks in advance.  Samba set up quickly and seems to work great, except for
 this 
 little bit of strangeness.  
 
 -Jim
 
   
   James E. Sullivan   |  Northrop Grumman IT 
   Building 12B|  on site at: NIH/CIT/DCSS/SOSB
   Room 2N207  |  Phone:301-451-6372
   Bethesda, MD 20892  |  Email:[EMAIL PROTECTED]
-
 
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba