Re: [Samba] File permissions 0070 with Office 2010 after saving
I solved that by playing around with the oplocks

    [global]
    kernel oplocks = no
    oplocks = no
    level2 oplocks = no

Shares:

    veto oplock files = /*.doc/*.docx/*.xls/*.xlsx/*.pptx/*.ppsx/*.ppt/*.pps

Then it was working again with 7 and samba 3.6.0 - but yes it was no problem with 3.5.11 and 7

regards
Martin

> I think this is a recurrence of an old bug. Running Samba 3.5.4 with CTDB on GPFS 3.4.0.6 with the vfs_gpfs module using CentOS 5.6. It is a vanilla CentOS RPM's with the vfs_gpfs module a self compiled add on. Running with NFSv4 ACL's.
>
> Basically what happens is when a user saves a file in Office 2010 (no Office 2007 to test with) with Windows 7 on the Unix side the permissions on the file get set to 0070 and all hell breaks loose.
>
> Some references on very similar issues in the past
>
> https://bugzilla.redhat.com/show_bug.cgi?id=462069
> http://forums.novell.com/suse/suse-product-discussion-forums/suse-linux-enterprise/suse-linux-enterprise-server-sles/sles-networking/383114-office-2007-samba-acl-problems-owner-read-only.html
>
> The only difference is that we get 0070 permissions now instead of 0470. It only seems to affect files saved with Office 2010.
>
> JAB.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] File permissions confusion
On 04/11/2011 01:13 PM, James Moe wrote:
> Hello,
> samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3
> I do not understand why the file permissions of mounted shares are different when the share is viewed locally and when viewed remotely.
> [...]
> Is there a way to have the actual, real, local permissions shown to remote hosts? And to have the ability to change the permissions remotely?

No one?!?

--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936

Re: [Samba] File permissions confusion
From: James Moe ji...@sohnen-moe.com
Date: Wed, 20 Apr 2011 09:21:04 -0700

> samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3
> I do not understand why the file permissions of mounted shares are different when the share is viewed locally and when viewed remotely.
> [...]
> Is there a way to have the actual, real, local permissions shown to remote hosts?

No, CIFS essentially does not have the semantics of permission, because it is natively used to share Windows file system, which does not have the semantics.

The permissions of mounted shares are created by the client CIFS module internally and vanish when unmounted.

This is not a limitation of Samba or the CIFS module but of the CIFS protocol. Use NFS instead.

---
TAKAHASHI Motonobu mo...@samba.gr.jp

Re: [Samba] File permissions confusion
On 04/20/2011 09:42 AM, TAKAHASHI Motonobu wrote:
>> Is there a way to have the actual, real, local permissions shown to remote hosts?
>
> No, CIFS essentially does not have the semantics of permission, because it is natively used to share Windows file system, which does not have the semantics.
>
> The permissions of mounted shares are created by the client CIFS module internally and vanish when unmounted.
>
> This is not a limitation of Samba or the CIFS module but of the CIFS protocol. Use NFS instead.

Thank you.

--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936

Re: [Samba] File permissions confusion
On 04/11/2011 01:13 PM, James Moe wrote:
> samba Version 3.5.4-5.3.1-2489-SUSE-SL11.3
> I do not understand why the file permissions of mounted shares are different when the share is viewed locally and when viewed remotely.
> [...]
> Is there a way to have the actual, real, local permissions shown to remote hosts? And to have the ability to change the permissions remotely?

Either this is profoundly obvious or very obscure. :-(
Can anyone recommend resources that discuss this issue?

--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936

Re: [Samba] File Permissions 770 vs 760
Fred Legace wrote:
> I am running Ubuntu 10.04 LTS Server.
snip
> My problem is if I use create mode = 770, WinXP users can only manage a 760 permission setting. That will not allow someone else in the group to set the file to readonly

Well, I just checked a couple of recently created files from a WinXP client machine on our Ubuntu 10.04 LTS server. Quite dismayed at what I find!

First off, this is our share:

    [data]
    comment = Shared Application Data Files
    path = /srv/shares/data
    guest ok = no
    read only = no
    create mask = 0666
    directory mask = 0777

Wide open public dumping ground for data files! ;-)

New directory, no surprises:

    drwxrwxrwx+ 2 mdlueck mdlueck 4096 2010-12-30 09:14 2010

New files, however...

    -rwxrwxrwx+ 1 klueck klueck 226247 2010-12-30 15:16
    -rw-rwxrw-+ 1 klueck klueck 379849 2010-12-30 15:16

No idea why ACL's are getting on the files.

No idea why new files end up totally / partially executable.

GREAT! :-(

--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/

Re: [Samba] File permissions getting destroyed with M$ software on ZFS
Hi,

Thanks for your input. B.t.w., I use security = ADS

I tried hundreds of combinations of configurations and options, but it just won't work. It works rather ok if you limit it to the Unix permissions ( plain user and group permissions ), but as soon as you try to put an ace referring to an AD group, it totally loses track.

example 1:

    root# ls -l /pool2/gisdata
    drwxrwx---+ 4 ackerra gis 4 Oct 5 10:58 d1
    drwxrwx--- 3 ackerra gis 3 Oct 5 12:01 d2
    drwxrwxr-x 2 regio-gis10 gis 2 Oct 5 11:55 d3

    root # ls -lvd /pool2/gisdata/d1
    drwxrwx---+ 4 ackerra gis 4 Oct 5 10:58 d1
        0:group:regio-users:list_directory/read_data/read_xattr/execute
            /read_attributes/read_acl:allow
        1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
            /append_data/write_xattr/execute/write_attributes/write_acl
            /write_owner/synchronize:file_inherit/dir_inherit:allow
        2:group@:list_directory/read_data/add_file/write_data/add_subdirectory
            /append_data/execute/synchronize:file_inherit/dir_inherit:allow
        3:group:regio-users:list_directory/read_data/read_xattr/execute
            /read_attributes/read_acl/synchronize:file_inherit/dir_inherit
            :allow

I mount the share (/pool2/gisdata) on a XP workstation, being AD user 'regio-gis10', member of AD group 'regio-users', having no unix account.

In Windows explorer, I can see d2 and d3, but not d1

example 2:

    root # ls -lvd /pool2/gisdata/d2
    drwxrwx--- 3 ackerra gis 3 Oct 5 12:01 d2
        0:owner@::deny
        1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
            /append_data/write_xattr/execute/write_attributes/write_acl
            /write_owner:allow
        2:group@::deny
        3:group@:list_directory/read_data/add_file/write_data/add_subdirectory
            /append_data/execute:allow
        4:everyone@:list_directory/read_data/add_file/write_data
            /add_subdirectory/append_data/write_xattr/execute/write_attributes
            /write_acl/write_owner:deny
        5:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow

One would think that an arbitrary AD user ( regio-gis10 in this case ) does not have access on the directory d2, no ? Well, it is not the case ... via samba I could create a directory dx in d2, being the AD user 'regio-gis10'.

    root # ls -l /pool2/gisdata/d2
    total 3
    drwxrwx--- 2 regio-gis10 gis 2 Oct 5 12:01 dx

So sometimes I get extra permissions, sometimes I get too few permissions, but it is never right ...

wbinfo, net ads and getent commands all work perfectly, and give the accurate info though.

smb.conf :

    [gisdata]
    path = /pool2/gisdata
    #admin users = ackerra
    force group = gis
    read only = no
    create mask = 0660
    directory mask = 0770
    force unknown acl user = yes
    acl check permissions = no
    inherit permissions = yes
    inherit acls = yes
    #map acl inherit = yes
    store dos attributes = yes
    easupport = yes
    map read only = no
    map archive = no
    map hidden = no
    map system = no
    vfs objects = zfsacl
    nfs4:acedup = merge
    nfs4:mode = special
    zfsacl: aceorder = dontcare

samba version is solaris bundled version 3.0.35

rgrds,

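The d2 listing in the message above can be checked mechanically. The following Python sketch is an added example, not code from the thread or from Samba: it applies ordered NFSv4 ACE evaluation (the first matching ACE decides each requested permission) to the d2 ACL as posted. Both subjects are assumptions: one carries only the AD group, the other also carries gis, which is what the share's "force group = gis" setting would give a connecting user.

```python
# Added example: ordered NFSv4/ZFS ACE evaluation over the d2 ACL from the post.
# The two subjects and their group memberships are assumptions for illustration.

# ACL of /pool2/gisdata/d2 as posted (owner ackerra, group gis), wrapped lines joined.
D2_ACL = """\
0:owner@::deny
1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory/append_data/write_xattr/execute/write_attributes/write_acl/write_owner:allow
2:group@::deny
3:group@:list_directory/read_data/add_file/write_data/add_subdirectory/append_data/execute:allow
4:everyone@:list_directory/read_data/add_file/write_data/add_subdirectory/append_data/write_xattr/execute/write_attributes/write_acl/write_owner:deny
5:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
"""


def parse_acl(text):
    """Parse `ls -v` style ACE lines into (index, who, permissions, type) tuples."""
    aces = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue  # blank or malformed line
        index, fields = int(fields[0]), fields[1:]
        if fields[0] in ("user", "group"):   # named entry: user:NAME or group:NAME
            who, fields = (fields[0], fields[1]), fields[2:]
        else:                                # owner@, group@, everyone@
            who, fields = (fields[0], None), fields[1:]
        perms = frozenset(p for p in fields[0].split("/") if p)
        # fields[-1] is allow/deny; inheritance flags in between are not needed here.
        aces.append((index, who, perms, fields[-1]))
    return aces


def ace_applies(who, subject, owner, group):
    """Does this ACE's 'who' field match the requesting subject?"""
    kind, name = who
    if kind == "owner@":
        return subject["user"] == owner
    if kind == "group@":
        return group in subject["groups"]
    if kind == "everyone@":
        return True
    if kind == "user":
        return subject["user"] == name
    if kind == "group":
        return name in subject["groups"]
    return False


def check_access(aces, subject, owner, group, wanted):
    """Walk the ACEs in order; return (granted, index of the deciding ACE).

    A deny ACE that hits a still-undecided permission ends the walk at once;
    allow ACEs tick permissions off until none are left. Anything still
    undecided at the end of the list is denied.
    """
    pending = set(wanted)
    for index, who, perms, ace_type in aces:
        if not ace_applies(who, subject, owner, group):
            continue
        hit = pending & perms
        if not hit:
            continue
        if ace_type == "deny":
            return False, index
        pending -= hit
        if not pending:
            return True, index
    return False, None


ACES = parse_acl(D2_ACL)
# Assumption: the AD user seen with its AD group only.
AD_ONLY = {"user": "regio-gis10", "groups": {"regio-users"}}
# Assumption: the same user with gis added, as "force group = gis" would do.
WITH_FORCE_GROUP = {"user": "regio-gis10", "groups": {"gis", "regio-users"}}

if __name__ == "__main__":
    for label, subject in (("AD group only", AD_ONLY),
                           ("with force group", WITH_FORCE_GROUP)):
        result = check_access(ACES, subject, "ackerra", "gis", {"add_subdirectory"})
        print(label, "-> add_subdirectory:", result)
```

Under the second assumption the create is granted by ACE 3 (group@) before the everyone@ deny in ACE 4 is reached, so it is worth checking the effective groups of the smbd process before reading the result as a broken ACL.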
Re: [Samba] File permissions getting destroyed with M$ software on ZFS
Please ignore previous message. I messed up some testing results. I'm trying to clear out things straight first.

Re: [Samba] File permissions getting destroyed with M$ software on ZFS
Hi,

I see you use samba with zfs. But how on earth do you prevent the 'deny' aces from being the first in the ACL, and thus denying all access to the resource ?

I'm able to add permissions via the MS UI ( I added an AD group 'regio-users' )

When I then create a file or folder via Samba, I get this on the Solaris box :

    root # ll -V db1.mdb
    -rw-rw+ 1 ackerra gis 98304 Oct 4 11:49 db1.mdb
        group:regio-users:--x---:--:deny
        group:regio-users:r-x---a-Rs:--:allow
        owner@:--x---:--:deny
        owner@:rw-p---A-W-Co-:--:allow
        group@:--x---:--:deny
        group@:rw-p--:--:allow
        everyone@:rwxp---A-W-Co-:--:deny
        everyone@:--a-R-c--s:--:allow

Thus denying all access to 'regio-users'

How do you solve this ? ( I defined the share exactly as you specified )

Rgrds,

Re: [Samba] File permissions getting destroyed with M$ software on ZFS
I had a lot of problems with this as well. I found it hard to find much documentation on the zfs module in samba from either samba or sun. (PS- A big thumbs down to Sun and the OpenSolaris crowd for apparently abandoning samba.) I am running Samba 3.0.x from Sun on two servers and samba 3.4.x compiled from source on the third. I eventually opened a support case with Sun which did help (somewhat.)

Did you check the permissions of the parent directory? There may be an inheritance issue.

Usually the following worked for me:

    chmod -R A- thedirectory
    chmod -R A=owner@:rwxpdDaARWcCos:allow thedirectory
    chmod -R A+group@:rwxpdDaARWcCos:allow thedirectory

My share definitions look like the following (the nfs4 and zfsacl options were recommended by sun tech support.)

    vfs objects = zfsacl
    inherit permissions = Yes
    inherit acls = Yes
    nfs4:acedup = merge
    nfs4:chown = yes
    nfs4: mode = special
    mapread only = no
    ea support = yes
    store dos attributes = yes
    create mask = 0770
    force create mode = 0600
    directory mask = 0775
    force directory mode = 0600
    zfsacl: acesort = dontcare

PS. Are your samba shares on top of autofs shares? If so, you may also need to do the following.

    # chmod A+user:nobody:aRc:allow thedirectory

So far it seems to work OK.

On 10/04/2010 06:06 AM, RegioGis wrote:
> Hi,
>
> I see you use samba with zfs. But how on earth do you prevent the 'deny' aces from being the first in the ACL, and thus denying all access to the resource ?
>
> I'm able to add permissions via the MS UI ( I added an AD group 'regio-users' )
>
> When I then create a file or folder via Samba, I get this on the Solaris box :
>
>     root # ll -V db1.mdb
>     -rw-rw+ 1 ackerra gis 98304 Oct 4 11:49 db1.mdb
>         group:regio-users:--x---:--:deny
>         group:regio-users:r-x---a-Rs:--:allow
>         owner@:--x---:--:deny
>         owner@:rw-p---A-W-Co-:--:allow
>         group@:--x---:--:deny
>         group@:rw-p--:--:allow
>         everyone@:rwxp---A-W-Co-:--:deny
>         everyone@:--a-R-c--s:--:allow
>
> Thus denying all access to 'regio-users'
>
> How do you solve this ? ( I defined the share exactly as you specified )
>
> Rgrds,

Re: [Samba] File permissions getting destroyed with M$ software on ZFS
Well, I think I got it fixed, but not sure if it is the correct way. This is what my share ens looks like now:

    [ens]
    comment = ENS Groups
    path = /XKA2/admin/ENS
    valid users = +admin
    force group = admin
    read only = No
    create mask = 0770
    force create mode = 0770
    security mask = 0770
    directory mask = 02770
    inherit permissions = Yes
    inherit acls = Yes
    nt acl support = No
    map archive = No
    map readonly = permissions
    store dos attributes = Yes
    vfs objects = zfsacl
    nfs4:acedup = merge
    nfs4:mode = special

I changed nt acl support to No.

On 10/1/10 8:15 AM, CJ Keist wrote:
> All,
> Running Samba 3.5.4 on Solaris 10 with ZFS file system. I have issues where we have shared group folders. In these folders a userA in GroupA create file just fine with the correct inherited permissions 660. Problem is when userB in GroupA reads and modifies that file, with M$ office apps, the permissions get whacked to 060+ and the file becomes read only by everyone.
>
> I did google this and found exactly someone else with the same problem with a fix! But the fix is not working for me, so looking for some more help and insight to this problem. The following are the two URLs I found which looked like a fix to my problem:
>
> http://lists.samba.org/archive/samba/2008-November/145094.html
> https://bugzilla.samba.org/show_bug.cgi?id=6050
>
> I have implemented those settings, but I still see the problem of the file permissions getting whacked.
>
> Here is my conf file:
>
>     [global]
>     workgroup = ENGR_DOM
>     server string = Samba Server
>     interfaces = e1000g0, lo0
>     bind interfaces only = Yes
>     security = DOMAIN
>     passdb backend = smbpasswd
>     client NTLMv2 auth = Yes
>     map untrusted to domain = Yes
>     log level = 1
>     log file = /var/log/samba/logs/log.%m
>     name resolve order = host bcast
>     unix extensions = No
>     max open files = 1
>     load printers = No
>     domain master = No
>     dns proxy = No
>     lock spin time = 3
>     veto oplock files = /*.doc/*.DOC/*.docx/*.DOCX/*.xlsx/*.XLSX/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.dwg/*.DWG/*.cdr/*.CDR/
>     strict locking = No
>
>     [homes]
>     comment = Home Directories
>     read only = No
>     create mask = 0640
>     directory mask = 0751
>     force directory mode = 0751
>     directory security mask = 0750
>     inherit permissions = Yes
>     inherit owner = Yes
>     browseable = No
>     level2 oplocks = No
>     vfs objects = zfsacl
>     nfs4:acedup = merge
>     nfs4:mode = special
>
>     [ens]
>     comment = ENS Groups
>     path = /XKA2/admin/ENS
>     valid users = +admin
>     force group = admin
>     read only = No
>     create mask = 0770
>     directory mask = 02770
>     inherit permissions = Yes
>     inherit acls = Yes
>     map archive = No
>     map readonly = permissions
>     vfs objects = zfsacl
>     nfs4:acedup = merge
>     nfs4:mode = special
>
> The issue is in the ENS share.
>
> I also have the ZFS file system aclmode and aclinherit set to passthrough, see output of zfs get all:
>
>     kame % zfs get all fsdata/admin/ENS
>     NAME              PROPERTY       VALUE                  SOURCE
>     fsdata/admin/ENS  type           filesystem             -
>     fsdata/admin/ENS  creation       Mon Mar 15 14:47 2010  -
>     fsdata/admin/ENS  used           73.6G                  -
>     fsdata/admin/ENS  available      9.35T                  -
>     fsdata/admin/ENS  referenced     73.6G                  -
>     fsdata/admin/ENS  compressratio  1.15x                  -
>     fsdata/admin/ENS  mounted        yes                    -
>     fsdata/admin/ENS  quota          none                   default
>     fsdata/admin/ENS  reservation    none                   default
>     fsdata/admin/ENS  recordsize     64K                    inherited from fsdata/admin
>     fsdata/admin/ENS  mountpoint     /XKA2/admin/ENS        inherited from fsdata
>     fsdata/admin/ENS  sharenfs       rw,anon=0              inherited from fsdata/admin
>     fsdata/admin/ENS  checksum       on                     default
>     fsdata/admin/ENS  compression    on                     inherited from fsdata
>     fsdata/admin/ENS  atime          off                    inherited from fsdata
>     fsdata/admin/ENS  devices        on                     default
>     fsdata/admin/ENS  exec           on                     default
>     fsdata/admin/ENS  setuid         on                     default
>     fsdata/admin/ENS  readonly       off                    default
>     fsdata/admin/ENS  zoned          off                    default
>     fsdata/admin/ENS  snapdir        hidden                 default
>     fsdata/admin/ENS  aclmode        passthrough            inherited from fsdata/admin
>     fsdata/admin/ENS  aclinherit     passthrough            inherited from fsdata/admin
>     fsdata/admin/ENS  canmount       on                     default
>     fsdata/admin/ENS  shareiscsi

Re: [Samba] File permissions
On Thursday, 3 June 2010 Steve Wolfe wrote:
> Samba 3.4.7-58.fc12, windows 7 client. I have a share where, if I right-click and choose properties, everything shows up as read only. I can un-check that, hit apply, and if I view the properties again, they are read only.
>
> Interestingly enough, I can go in and create files, modify files, rename files, delete files, etc.. However, some of the users' software checks for read-only status, and is throwing errors.
>
> Here's the smb.conf section:
>
>     [Apps]
>     path=/home/apps
>     force user=appsuser
>     force group=appsuser
>     read only=no
>     writeable=yes
>     oplocks = False
>     level2 oplocks = False
>
> Directory looks like this:
>
>     drwxrwxr-x 94 appsuser appsuser 20K 2010-06-02 14:32 apps
>
> Files inside of it have permissions similar to these:
>
>     -rwxr-xr-x 1 appsuser appsuser 424K 2009-10-01 15:54 AAUTOLN.DLL
>     -rwxr-xr-x 1 appsuser appsuser 894 2008-07-23 08:37 Accounting.HSICTB
>
> Any clues?

Windows is a little bit different; you should never use usergroups. Setting up a user appsuser and a group appsuser is not supported by Windows Server products and not supported by Samba Servers.

--
regards
Harry Jede

Re: [Samba] File permissions
Hi Steve,

Do you have the acl installed? Also check if the filesystem below has the acl option enabled.

Regards!

2010/6/3 Steve Wolfe bafena...@gmail.com
> Samba 3.4.7-58.fc12, windows 7 client. I have a share where, if I right-click and choose properties, everything shows up as read only. I can un-check that, hit apply, and if I view the properties again, they are read only.
>
> Interestingly enough, I can go in and create files, modify files, rename files, delete files, etc.. However, some of the users' software checks for read-only status, and is throwing errors.
>
> Here's the smb.conf section:
>
>     [Apps]
>     path=/home/apps
>     force user=appsuser
>     force group=appsuser
>     read only=no
>     writeable=yes
>     oplocks = False
>     level2 oplocks = False
>
> Directory looks like this:
>
>     drwxrwxr-x 94 appsuser appsuser 20K 2010-06-02 14:32 apps
>
> Files inside of it have permissions similar to these:
>
>     -rwxr-xr-x 1 appsuser appsuser 424K 2009-10-01 15:54 AAUTOLN.DLL
>     -rwxr-xr-x 1 appsuser appsuser 894 2008-07-23 08:37 Accounting.HSICTB
>
> Any clues?

Re: [Samba] File permissions
It's not installed. I logged on as a domain administrator and unchecked the read only, now it still appears on directories, but NOT on individual files. The software now succeeds.

I'd still like to fix the issue if possible, but if not... employees are able to work. :-D

On Wed, Jun 2, 2010 at 4:25 PM, Jorge Alberto Garcia jorge.garcia.gonza...@gmail.com wrote:
> Hi Steve,
>
> Do you have the acl installed? Also check if the filesystem below has the acl option enabled.
>
> Regards!
>
> 2010/6/3 Steve Wolfe bafena...@gmail.com
>> Samba 3.4.7-58.fc12, windows 7 client. I have a share where, if I right-click and choose properties, everything shows up as read only. I can un-check that, hit apply, and if I view the properties again, they are read only.
>>
>> Interestingly enough, I can go in and create files, modify files, rename files, delete files, etc.. However, some of the users' software checks for read-only status, and is throwing errors.
>>
>> Here's the smb.conf section:
>>
>>     [Apps]
>>     path=/home/apps
>>     force user=appsuser
>>     force group=appsuser
>>     read only=no
>>     writeable=yes
>>     oplocks = False
>>     level2 oplocks = False
>>
>> Directory looks like this:
>>
>>     drwxrwxr-x 94 appsuser appsuser 20K 2010-06-02 14:32 apps
>>
>> Files inside of it have permissions similar to these:
>>
>>     -rwxr-xr-x 1 appsuser appsuser 424K 2009-10-01 15:54 AAUTOLN.DLL
>>     -rwxr-xr-x 1 appsuser appsuser 894 2008-07-23 08:37 Accounting.HSICTB
>>
>> Any clues?

Re: [Samba] File permissions
John H Terpstra wrote:
> On Sunday 18 January 2009 18:38:25 Daniel L. Miller wrote:
>> Is it possible to define file rights, such that -
>>
>> The file is owned by root, with full privileges on the Linux server.
>> The file is shared by a group users.
>> The shared file should be available for read and write access.
>>
>> That part's easy - but now
>>
>> Deny delete, overwrite, or rename access to this file.
>>
>> Is this possible?
>> --
>> Daniel
>
> Please explain how a user can have write access to a file but not overwrite access? The ability to write implies the ability to change the name as well as the contents of a file.
>
> Can you provide a clear description of what you really wish to achieve?
>
> - John T.

Oh - you want me to tell you what I want to do, so you can tell me the right way how - instead of helping with the wrong way to do it? Geez...

Ok, since you insist. I'm trying to accommodate Quickbooks (Enterprise Edition). Users need to be able to open the file for read write access or Quickbooks complains. However, I don't want the clients to be able to destroy the file (outside of Quickbooks). So I need to allow read/write via Samba - but I want to protect the file as much as possible.

I have the UNIX file owned by root (which the QB SQL server runs as). The UNIX group ownership is the windows users. Setting the UNIX group privileges to read only results in QB errors. So I don't see how to protect it just using UNIX privileges - so I thought perhaps there was a way via Samba. I (mis)remember some Windoze ACL's might allow for this type of special access control.

If Quickbooks used a real SQL interface, then it wouldn't be a problem. But...it doesn't.

--
Daniel

Re: [Samba] File permissions
On Monday 19 January 2009 14:29:16 Daniel L. Miller wrote:
> John H Terpstra wrote:
>> On Sunday 18 January 2009 18:38:25 Daniel L. Miller wrote:
>>> Is it possible to define file rights, such that -
>>>
>>> The file is owned by root, with full privileges on the Linux server.
>>> The file is shared by a group users.
>>> The shared file should be available for read and write access.
>>>
>>> That part's easy - but now
>>>
>>> Deny delete, overwrite, or rename access to this file.
>>>
>>> Is this possible?
>>> --
>>> Daniel
>>
>> Please explain how a user can have write access to a file but not overwrite access? The ability to write implies the ability to change the name as well as the contents of a file.
>>
>> Can you provide a clear description of what you really wish to achieve?
>>
>> - John T.
>
> Oh - you want me to tell you what I want to do, so you can tell me the right way how - instead of helping with the wrong way to do it? Geez...

Nice try. I'm only trying to help you. If a user has write access then the file can be overwritten or renamed. There is no getting around that.

> Ok, since you insist. I'm trying to accommodate Quickbooks (Enterprise Edition). Users need to be able to open the file for read write access or Quickbooks complains. However, I don't want the clients to be able to destroy the file (outside of Quickbooks). So I need to allow read/write via Samba - but I want to protect the file as much as possible.

If I understand correctly Quickbooks is accessing the files over the Samba share. Correct? If so, then the file must be writable.

Is it necessary for users to update the files within Quickbooks? I presume the answer is: Yes!

If yes, this means the file must actually be writable - there is no escape from this need. Right? If not, then you can use the VFS module 'readonly' to fake read-write but actually not allow writing to the share.

> I have the UNIX file owned by root (which the QB SQL server runs as). The UNIX group ownership is the windows users. Setting the UNIX group privileges to read only results in QB errors. So I don't see how to protect it just using UNIX privileges - so I thought perhaps there was a way via Samba. I (mis)remember some Windoze ACL's might allow for this type of special access control.
>
> If Quickbooks used a real SQL interface, then it wouldn't be a problem. But...it doesn't.

Sorry, I can't help you there. Please speak with Quickbooks about your needs. That way you might help them to create a case to support other platforms.

Cheers,
John T.

Re: [Samba] File permissions
On Mon, Jan 19, 2009 at 3:29 PM, Daniel L. Miller dmil...@amfes.com wrote:
> John H Terpstra wrote:
>> On Sunday 18 January 2009 18:38:25 Daniel L. Miller wrote:
>>> Is it possible to define file rights, such that -
>>>
>>> The file is owned by root, with full privileges on the Linux server.
>>> The file is shared by a group users.
>>> The shared file should be available for read and write access.
>>>
>>> That part's easy - but now
>>>
>>> Deny delete, overwrite, or rename access to this file.
>>>
>>> Is this possible?
>>> --
>>> Daniel
>>
>> Please explain how a user can have write access to a file but not overwrite access? The ability to write implies the ability to change the name as well as the contents of a file.
>>
>> Can you provide a clear description of what you really wish to achieve?
>>
>> - John T.
>
> Oh - you want me to tell you what I want to do, so you can tell me the right way how - instead of helping with the wrong way to do it? Geez...

If you allow writing to a file there is no way to prevent overwriting the file with anything. I believe preventing renaming and deleting is possible if you restrict the posix permissions so that writes on the folder are not permitted by the users. Rename and delete are write operations on the folder, not the file.

John

Re: [Samba] File permissions
On Sun, Jan 18, 2009 at 7:38 PM, Daniel L. Miller dmil...@amfes.com wrote:
> Is it possible to define file rights, such that -
>
> The file is owned by root, with full privileges on the Linux server.
> The file is shared by a group users.
> The shared file should be available for read and write access.
>
> That part's easy - but now
>
> Deny delete, overwrite, or rename access to this file.
>
> Is this possible?
> --

Deny write access on the folder.

John

Re: [Samba] File permissions
On Sunday 18 January 2009 18:38:25 Daniel L. Miller wrote:
> Is it possible to define file rights, such that -
>
> The file is owned by root, with full privileges on the Linux server.
> The file is shared by a group users.
> The shared file should be available for read and write access.
>
> That part's easy - but now
>
> Deny delete, overwrite, or rename access to this file.
>
> Is this possible?
> --
> Daniel

Please explain how a user can have write access to a file but not overwrite access? The ability to write implies the ability to change the name as well as the contents of a file.

Can you provide a clear description of what you really wish to achieve?

- John T.
--
John H Terpstra
Don't do as I do; Show me better!
If at first you don't succeed, don't go sky-diving!

Re: [Samba] File permissions
On Wed, Dec 3, 2008 at 12:42 PM, [EMAIL PROTECTED] wrote:
> Greetings,
>
> I'm running into a file permission issue. I have a share called data configured simply as:
>
>     [data]
>     read only = no
>     path = /mnt/data
>
> For test purposes, I have a file called t.jpg.
>
>     -rwx-- 1 bek bek 63793 2008-12-03 11:17 t.jpg
>
> I'm logged in as matt on my local computer. If I try to open this file, I can't (which is what I expected). However, I can delete this file.. why?

What are the permissions of the folder that this file is in?

John

Re: [Samba] File permissions
755 root.matt

I changed that to 755 root.root and changed the file permissions to 770 bek.trusted (matt is part of the 'trusted' group). Now I can open the file, but can't delete it.. I expected to be able to open it and delete it..

John Drescher [EMAIL PROTECTED]
12/03/2008 11:49 AM
To [EMAIL PROTECTED]
cc samba@lists.samba.org
Subject Re: [Samba] File permissions

> On Wed, Dec 3, 2008 at 12:42 PM, [EMAIL PROTECTED] wrote:
>> Greetings,
>>
>> I'm running into a file permission issue. I have a share called data configured simply as:
>>
>>     [data]
>>     read only = no
>>     path = /mnt/data
>>
>> For test purposes, I have a file called t.jpg.
>>
>>     -rwx-- 1 bek bek 63793 2008-12-03 11:17 t.jpg
>>
>> I'm logged in as matt on my local computer. If I try to open this file, I can't (which is what I expected). However, I can delete this file.. why?
>
> What are the permissions of the folder that this file is in?
>
> John

Re: [Samba] File permissions
Are there POSIX ACLs on the file or on the folder that the file is in?

Regards,

- iarly Selbir ( Ski0s )

On Wed, Dec 3, 2008 at 2:49 PM, John Drescher [EMAIL PROTECTED] wrote:
> On Wed, Dec 3, 2008 at 12:42 PM, [EMAIL PROTECTED] wrote:
>> Greetings,
>>
>> I'm running into a file permission issue. I have a share called data configured simply as:
>>
>>     [data]
>>     read only = no
>>     path = /mnt/data
>>
>> For test purposes, I have a file called t.jpg.
>>
>>     -rwx-- 1 bek bek 63793 2008-12-03 11:17 t.jpg
>>
>> I'm logged in as matt on my local computer. If I try to open this file, I can't (which is what I expected). However, I can delete this file.. why?
>
> What are the permissions of the folder that this file is in?
>
> John

Re: [Samba] File permissions
So then explicit file permissions mean nothing? After changing the parent directory to 770 and root.trusted, I was able to delete the file regardless of what the actual file permissions are..

John Drescher [EMAIL PROTECTED]
12/03/2008 12:00 PM
To [EMAIL PROTECTED]
cc samba@lists.samba.org
Subject Re: [Samba] File permissions

> On Wed, Dec 3, 2008 at 12:56 PM, [EMAIL PROTECTED] wrote:
>> 755 root.matt
>>
>> I changed that to 755 root.root and changed the file permissions to 770 bek.trusted (matt is part of the 'trusted' group). Now I can open the file, but can't delete it.. I expected to be able to open it and delete it..
>
> Must have write permissions on the folder to delete.
>
> John

Re: [Samba] File permissions
On Wed, Dec 3, 2008 at 1:06 PM, [EMAIL PROTECTED] wrote:
> So then explicit file permissions mean nothing? After changing the parent directory to 770 and root.trusted, I was able to delete the file regardless of what the actual file permissions are..

See here about *nix file permissions: http://www.elated.com/articles/understanding-permissions/

John
Re: [Samba] File permissions
On Wed, Dec 03, 2008 at 11:56:26AM -0600, [EMAIL PROTECTED] wrote:
> 755 root.matt
>
> I changed that to 755 root.root and changed the file permissions to 770 bek.trusted (matt is part of the 'trusted' group). Now I can open the file, but can't delete it.. I expected to be able to open it and delete it..

Permission to delete a file in POSIX is an attribute of the containing directory (that's what you're modifying) not the file itself.

Jeremy.
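The rule stated in the reply above (deletion is governed by the containing directory, not the file), as an added example that is not part of the original thread: a small Python model of the POSIX owner/group/other check, run against the directory and file modes quoted in this thread. The numeric uids and gids are constructed, ACLs are ignored, and the sticky-bit case goes beyond what the reply covers.

```python
import stat
from dataclasses import dataclass

# Constructed ids for the users and groups named in the thread (assumptions).
ROOT, BEK, MATT = 0, 1000, 1001
G_ROOT, G_BEK, G_MATT, G_TRUSTED = 0, 1000, 1001, 2000


@dataclass(frozen=True)
class Node:
    """Owner, group and permission bits of a file or directory (cf. os.stat)."""
    uid: int
    gid: int
    mode: int


@dataclass(frozen=True)
class User:
    uid: int
    gids: frozenset


def class_bits(node: Node, user: User) -> int:
    """Return the rwx triplet that applies: owner first, then group, then other."""
    if user.uid == node.uid:
        return (node.mode >> 6) & 0o7
    if node.gid in user.gids:
        return (node.mode >> 3) & 0o7
    return node.mode & 0o7


def can_open_for_read(parent: Node, target: Node, user: User) -> bool:
    """Opening needs search (x) on the directory and read (r) on the file."""
    if user.uid == ROOT:
        return True
    return bool(class_bits(parent, user) & 0o1) and bool(class_bits(target, user) & 0o4)


def can_delete(parent: Node, target: Node, user: User) -> bool:
    """Unlinking needs write and search (wx) on the directory only.

    The file's own mode is never consulted. If the directory has the sticky
    bit set, the caller must additionally own the file or the directory.
    """
    if user.uid == ROOT:
        return True
    if class_bits(parent, user) & 0o3 != 0o3:
        return False
    if parent.mode & stat.S_ISVTX:
        return user.uid in (target.uid, parent.uid)
    return True


def thread_scenarios() -> dict:
    """Evaluate the configurations described in the thread for user matt."""
    matt = User(MATT, frozenset({G_MATT, G_TRUSTED}))
    bek = User(BEK, frozenset({G_BEK, G_TRUSTED}))

    # Directory 755 root.root, file 770 bek.trusted: open works, delete does not.
    dir_a = Node(ROOT, G_ROOT, 0o755)
    file_a = Node(BEK, G_TRUSTED, 0o770)

    # Directory 770 root.trusted, file private to bek: delete works anyway.
    dir_b = Node(ROOT, G_TRUSTED, 0o770)
    file_b = Node(BEK, G_BEK, 0o700)

    # Same directory with the sticky bit: only the file's owner may delete.
    dir_c = Node(ROOT, G_TRUSTED, 0o1770)

    return {
        "755 root.root: matt opens": can_open_for_read(dir_a, file_a, matt),
        "755 root.root: matt deletes": can_delete(dir_a, file_a, matt),
        "770 root.trusted: matt opens": can_open_for_read(dir_b, file_b, matt),
        "770 root.trusted: matt deletes": can_delete(dir_b, file_b, matt),
        "1770 root.trusted: matt deletes": can_delete(dir_c, file_b, matt),
        "1770 root.trusted: bek deletes": can_delete(dir_c, file_b, bek),
    }


if __name__ == "__main__":
    for label, allowed in thread_scenarios().items():
        print(f"{label}: {'allowed' if allowed else 'denied'}")
```
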
Re: [Samba] File permissions
On Wed, Dec 3, 2008 at 12:56 PM, [EMAIL PROTECTED] wrote:
> 755 root.matt
>
> I changed that to 755 root.root and changed the file permissions to 770 bek.trusted (matt is part of the 'trusted' group). Now I can open the file, but can't delete it.. I expected to be able to open it and delete it..

Must have write permissions on the folder to delete.

John
Re: [Samba] File permissions
Please, if possible, post the output of the following two commands:

# getfacl name_of_folder_where_file_is_in

and

# getfacl name_of_file_that_you_want_delete_and_alter

Regards,
- iarly Selbir ( Ski0s )

On Wed, Dec 3, 2008 at 2:56 PM, [EMAIL PROTECTED] wrote:
> 755 root.matt
>
> I changed that to 755 root.root and changed the file permissions to 770 bek.trusted (matt is part of the 'trusted' group). Now I can open the file, but can't delete it.. I expected to be able to open it and delete it..
>
> John Drescher [EMAIL PROTECTED]
> 12/03/2008 11:49 AM
> To [EMAIL PROTECTED]
> cc samba@lists.samba.org
> Subject Re: [Samba] File permissions
>
> On Wed, Dec 3, 2008 at 12:42 PM, [EMAIL PROTECTED] wrote:
> > Greetings, I'm running into a file permission issue. I have a share called data configured simply as:
> >
> > [data]
> > read only = no
> > path = /mnt/data
> >
> > For test purposes, I have a file called t.jpg.
> >
> > -rwx------ 1 bek bek 63793 2008-12-03 11:17 t.jpg
> >
> > I'm logged in as matt on my local computer. If I try to open this file, I can't (which is what I expected). However, I can delete this file.. why?
>
> What are the permissions of the folder that this file is in?
>
> John
Re: [Samba] File permissions and Unix umask.
On Thu, Oct 09, 2008 at 12:58:41AM +1100, Gerry Marthe wrote:
> The relevant section from smb.conf on the samba server is:
>
> [common]
> comment = Common Area
> path = /common
> read only = no
> valid users = @users
> create mask = 0660
> force create mode = 0660
> force directory mode = 775
> write list = @users
> force group = users
> directory mask = 0775
>
> The share is mounted on a Linux system with the following command:
>
> mount.cifs //localhost/common /mnt/smb -o rw,uid=600,gid=504,user=abdv29,password=***
>
> From what I have understood of the samba documentation, the various file creation masks specified by Samba do not override a client umask.

You understood wrong. The server settings override all client requests. That's why they're *force* create mode.

Jeremy.
Re: [Samba] File permissions and Unix umask.
Hi Jeremy,

Thanks - that does make sense. Can you tell me then why /bin/touch appears immune to the Samba settings?

Gerry.

On Wed, 2008-10-08 at 11:48 -0700, Jeremy Allison wrote:
> On Thu, Oct 09, 2008 at 12:58:41AM +1100, Gerry Marthe wrote:
> > The relevant section from smb.conf on the samba server is:
> >
> > [common]
> > comment = Common Area
> > path = /common
> > read only = no
> > valid users = @users
> > create mask = 0660
> > force create mode = 0660
> > force directory mode = 775
> > write list = @users
> > force group = users
> > directory mask = 0775
> >
> > The share is mounted on a Linux system with the following command:
> >
> > mount.cifs //localhost/common /mnt/smb -o rw,uid=600,gid=504,user=abdv29,password=***
> >
> > From what I have understood of the samba documentation, the various file creation masks specified by Samba do not override a client umask.
>
> You understood wrong. The server setting override all client requests. That's why they're *force* create mode.
>
> Jeremy.
Re: [Samba] File permissions and Unix umask.
On Thu, Oct 09, 2008 at 11:18:49AM +1100, Gerry Marthe wrote:
> Hi Jeremy,
>
> Thanks - that does make sense. Can you tell me then why /bin/touch appears immune to the Samba settings?

If you can make the CIFS client violate the forced settings on the Samba server that's a server bug and I'll fix it. Can you give me a specific example of this happening (with Samba and CIFSFS version numbers please) ?

Jeremy.
Re: [Samba] File permissions and Unix umask.
Yes Jeremy, it seems that I can make the CIFS client violate the forced settings on the Samba server.

Specific example:

/* As root, issue the following mount command from client. */
mount.cifs //10.0.1.5/common /mnt/smb -o rw,uid=500,user=abdv29,password=***

/* Switch user to abdv29 */
su - abdv29

/* Change directory to where the CIFS filesystem is mounted. */
cd /mnt/smb

/* Set umask */
umask 0022

/* Create a couple of files using touch and echo. */
touch f1
echo xx > f2

/* On a local EXT3 filesystem, I would expect the two files created above to each have the following symbolic permission: rw-r--r-- and this is indeed so. On the CIFS mount, I would expect the force create mode to override the umask in both cases, giving symbolic permission of: rw-rw-r-- This is so only for the file named f2 created with /bin/echo. The file created with /bin/touch has symbolic permissions of: rw-r--r-- indicating that the client has violated the Server force settings. */

I have verified this happens with the following Samba versions:

1) Samba server version 3.0.28 running on RHEL-5. Samba client version 3.2.3 running on Fedora 9. mount.cifs -V does not show version number, just displays usage message.
2) Samba server version 3.2.3 running on Fedora 9. Samba client version 3.0.28 running on RHEL-5. mount.cifs -V shows version 1.0

Let me know if you need more information.

Gerry.

On Wed, 2008-10-08 at 17:24 -0700, Jeremy Allison wrote:
> On Thu, Oct 09, 2008 at 11:18:49AM +1100, Gerry Marthe wrote:
> > Hi Jeremy,
> >
> > Thanks - that does make sense. Can you tell me then why /bin/touch appears immune to the Samba settings?
>
> If you can make the CIFS client violate the forced settings on the Samba server that's a server bug and I'll fix it. Can you give me a specific example of this happening (with Samba and CIFSFS version numbers please) ?
>
> Jeremy.
Re: [Samba] file permissions with inherit permission + ACL's
Carlos Rivera-Jones wrote:
> > drwxrws---+ 2 ralfgro ve 6 2007-04-18 17:28 testdir
>
> 2770 [drwxrws---] permissions will force inherit at the file level system, ignoring Samba. Set the directory to 0770 permissions, and new items would be created with 660 as per smb.conf

I removed the gid bit, but this doesn't change the permissions of new files. They are still 770.

ls -la testshare
insgesamt 8
drwxrwx---+ 2 ralfgro ve 25 2007-04-18 17:57 .
drwxr-xr-x 5 root root 63 2007-04-18 17:55 ..
-rwxrwx---+ 1 ralfgro ralfgro 0 2007-04-18 17:56 testfile.txt

> Other thing is to insure that the main group for the user is the same for all users.

Hm, the users that access this share are member of many groups and the main group will not always be the one of this share. But I think this will be handled by the default ACL's.

Ralf
RE: [Samba] file permissions with inherit permission + ACL's
> drwxrws---+ 2 ralfgro ve 6 2007-04-18 17:28 testdir

2770 [drwxrws---] permissions will force inherit at the file level system, ignoring Samba. Set the directory to 0770 permissions, and new items would be created with 660 as per smb.conf

Other thing is to insure that the main group for the user is the same for all users.

Carlos

-----Original Message-----
From: Ralf Gross
Sent: Wednesday, April 18, 2007 11:45 AM

default:other::---

I created a new directory and a new file in this share.

drwxrws---+ 2 ralfgro ve 6 2007-04-18 17:28 testdir
-rwxrwx---+ 1 ralfgro ve 0 2007-04-18 17:28 testfile.txt

# file: testdir
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:testgroup1:rwx
default:group:testgroup2:rwx
default:mask::rwx
default:other::---

The permissions of this new directory are fine. But new files should be created with 660 permissions, not 770.

# file: testfile.txt
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---

This is the relevant part of smb.conf:

[testshare]
force create mode = 0660
create mask = 0660
force directory mode = 2770
directory security mask = 2770
force directory security mode =
directory mask = 2770
force security mode =
security mask = 0770
inherit acls = yes
inherit permissions = yes
map archive = no
map system = no
...

Some of the options might be needless now, but I needed them as I used 'force group = ...' instead of 'inherit permissions'. I already played with the default mask ACL, but then I always ended with no executable bit on files _and_ directories which denies access to the new created directories...

Any ideas?

Ralf
RE: [Samba] File Permissions
Hi,

You must use ACL's. Your Kernel+FileSystem must support it and samba must have been compiled with acl support. But just one personal remark, the path you're trying to walk (many different permissions at different directory levels) is a dangerous one. Trust me. I've been there, done that, and fortunately fled away from it.

Best Regards,
Bruno Guerreiro

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dracula
Sent: Tuesday, 11 April 2006 13:21
To: Samba
Subject: [Samba] File Permissions

Hello

I am trying to grasp the file permissions on Linux. I have Samba installed and functioning properly... I think I understand permission in this environment with one exception: I need to add more than one group to a file/folder. With Windows..the security tab would allow any number of Groups and each group could have different permissions. (As well with files and subdirectories). With Linux I'm not seeing this ability to add multiple groups to a file/folder. Is this a limitation to the Linux environment? We have several situations where we allow a user to List Content but down into the folder structure allow the user to Read some folders and others Read/Write.

Thanks

Regards,
Komal
Re: [Samba] file permissions with samba shares
On 10/19/05, Jack Malone [EMAIL PROTECTED] wrote:
> I am wondering if there is a way I can setup permission on directories in the directory that I have setup for samba shares so that no one can move or delete them. The problem I am having of late is that someone from within windows will move the directories around

Denying write permission to the parent directory should prevent someone from deleting or moving child directories.

If that won't work, you might instead try using the audit or extd_audit vfs module to log directory moves and deletions. Then you could at least get after the responsible party.

Josh Kelley
Re: [Samba] file permissions with samba shares
At 09:05 AM 10/19/2005, Josh Kelley wrote:
> On 10/19/05, Jack Malone [EMAIL PROTECTED] wrote:
> > I am wondering if there is a way I can setup permission on directories in the directory that I have setup for samba shares so that no one can move or delete them. The problem I am having of late is that someone from within windows will move the directories around
>
> Denying write permission to the parent directory should prevent someone from deleting or moving child directories.

If I do this will that make it where they can not put files into that directory or not. I'm thinking this is happening with drag and drop of files from someone that does not know what they are doing or even doing it.

> If that won't work, you might instead try using the audit or extd_audit vfs module to log directory moves and deletions. Then you could at least get after the responsible party.

How is this setup, guess I need to see if I find it in the samba docs.

thanks for the reply / info

jack
RE: [Samba] file permissions head-ache on Samba V3.0.4
Hi Paul,

You probably want to ensure you have EXT3 ACL support on your server, if it isn't already.. not sure if Redhat Enterprise supports this out of the box.

I've found that editing permissions from a Windows NT 4.0 box leads to acls being set incorrectly on Samba - use win2k or higher.

You probably also want to chown the directories to root, as once the users specified in the 'admin users' directive in smb.conf authenticate to the server they will be mapped in as root (you can see this when you ps aux |grep smbd).

I've found the best way to start permissions wise is with owner root:root and permissions 0777 on the directory, and from the ACL editor in Windows restrict permissions that way.

Hope this helps

Tom

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of PaulD
Sent: Thursday, 26 August 2004 11:06 p.m.
To: [EMAIL PROTECTED]
Subject: [Samba] file permissions head-ache on Samba V3.0.4

Hi,

I hope that this is a quick answer, as it's probably been answered many times before and I'm just missing a very minor setting in my config.

I have just setup a samba server (ver 3.0.4) on a Redhat Enterprise Linux Box ES3. The box has been setup as a member of a Windows NT4 domain, it's to be used as a fileserver for users on the NT domain. I have configured samba to use domain security, and have winbind working correctly (I think!!) - I can get the domain users and groups to show from a 'wbinfo -u' or 'wbinfo -g'.

I have been trying (unsuccessfully) to configure the /home directory so that the domain admins here can manage the subfolders and the permissions, from the server administrator or management console on their NT / 2000 workstations.

I have used the following commands on the /home volume so that the domain admins/users can have access to the volume:

chown DOMAIN+Administrator /home
chgrp DOMAIN+Domain Users /home

(both commands threw back no errors)

I'm guessing that the problem may be down to the smb.conf file but I'm not sure what I'm missing.. would be grateful if someone could assist.

TIA
Re: [Samba] file permissions on home directories and admin user copying files to it
On 13 November 2003 at 19:40, Christian Nabski wrote:
> We want to copy files with the group in the admin list of the [homes] share. The problem is that the copied files then are owned by root. I know this is normal unix behavior. However we want the copied files to be owned by the user of the homeshare.
>
> I read the samba howto section Users Cannot Write to a Public Share. Although I want to set the owner on the home shares and not on a public share. The mentioned section however does not seem to work on Redhat 7.3 nor RH AS 3 ? The group gets set correctly (gets changed to the group who owned the directory) but the user stays the same. I am wondering if this is a particular issue with the Redhat distribution or something else ?
>
> For now I tried this solution :
> in [homes] : root preexec = chown -R %S %P
> This works but I wonder if this is good solution ?
>
> Christian

I use the force user = %S setting in [homes]. This way anyone copies into this share (who has write access of course :-) ) the owner of files will be the same user.

-- attiko
Re: [Samba] file permissions on home directories and admin user copying files to it
Hi Aaron,

Thanks for your answer. I already set the create mask for files and directories :
for files 0600 -- user can only write and read
for directories 0700 -- directories can be read and entered (executed) by the user

This however only sets the rights and not the ownership. The problem arises when an admin (in the adminlist) copies files from another drive/share/... to the home share of a user via samba. These copied files have then as owner root. The effect of this (0600 and root ) is that the user can not read or write to this file.

This is in fact a test server for a customer. What they actually want is the behavior of windows : the copied files inherit the rights of the directory where they are created.

eg : homedir : 0700 owner : the user group domain users
The admin copies or created a file example.txt in homedir.
-- rights of example.txt : 0600 owner the user group domain users

The group ownership is possible with chmod g+s homedir or chmod 2700 homedir. If I would set a create mask for files as 0660 and for directories 0770 the problem would be solved but I wanted the restrict the rights to the ones set. And I don't want to maintain private groups (ala redhat) for these users.

I am just wondering how other people do this with admins which don't know anything about unix file permissions ?

Regards,
Christian

Aaron Collins [EMAIL PROTECTED] wrote on 13/11/2003 21:19:13:
> You should have a look at the create mask option, it says what the default permissions should be on files that get created. This will override the default unix behavior. See also inherit permissions , directory mask, force create mode and force directory mode I think these are the options you're looking for in your smb.conf
>
> -Aaron c
>
> On Thu, 2003-11-13 at 11:40, Christian Nabski wrote:
> > We want to copy files with the group in the admin list of the [homes] share. The problem is that the copied files then are owned by root. I know this is normal unix behavior. However we want the copied files to be owned by the user of the homeshare.
> >
> > I read the samba howto section Users Cannot Write to a Public Share. Although I want to set the owner on the home shares and not on a public share. The mentioned section however does not seem to work on Redhat 7.3 nor RH AS 3 ? The group gets set correctly (gets changed to the group who owned the directory) but the user stays the same. I am wondering if this is a particular issue with the Redhat distribution or something else ?
> >
> > For now I tried this solution :
> > in [homes] : root preexec = chown -R %S %P
> > This works but I wonder if this is good solution ?
> >
> > Christian
Re: [Samba] file permissions on home directories and admin user copying files to it
I don't think you really can change that, because the default nature of Unix is who ever creates a file owns it, no matter what directory it's in (as long as they have write access to that dir). Samba just does a remote-local mapping that grants the remote user whatever access they are mapped to, but when they create the file, they still own it. If you use a rpc or ads setup, and configure nss and pam together with it, you can make so that from windows you could manage file ownership (to a limited extent, ufs is not ntfs). But as far as making any file that's in a directory owned by who ever owns that dir, the only way I could think of to do it is to write a cron script that checks the dir ownership and sets all files and sub dirs to those permissions every x amount of time.

-Aaron

On Thu, 2003-11-13 at 17:11, Christian Nabski wrote:
> Hi Aaron,
>
> Thanks for your answer. I already set the create mask for files and directories :
> for files 0600 -- user can only write and read
> for directories 0700 -- directories can be read and entered (executed) by the user
>
> This however only sets the rights and not the ownership. The problem arises when an admin (in the adminlist) copies files from another drive/share/... to the home share of a user via samba. These copied files have then as owner root. The effect of this (0600 and root ) is that the user can not read or write to this file.
>
> This is in fact a test server for a customer. What they actually want is the behavior of windows : the copied files inherit the rights of the directory where they are created.
>
> eg : homedir : 0700 owner : the user group domain users
> The admin copies or created a file example.txt in homedir.
> -- rights of example.txt : 0600 owner the user group domain users
>
> The group ownership is possible with chmod g+s homedir or chmod 2700 homedir. If I would set a create mask for files as 0660 and for directories 0770 the problem would be solved but I wanted the restrict the rights to the ones set. And I don't want to maintain private groups (ala redhat) for these users.
>
> I am just wondering how other people do this with admins which don't know anything about unix file permissions ?
>
> Regards,
> Christian
>
> Aaron Collins [EMAIL PROTECTED] wrote on 13/11/2003 21:19:13:
> > You should have a look at the create mask option, it says what the default permissions should be on files that get created. This will override the default unix behavior. See also inherit permissions , directory mask, force create mode and force directory mode I think these are the options you're looking for in your smb.conf
> >
> > -Aaron c
> >
> > On Thu, 2003-11-13 at 11:40, Christian Nabski wrote:
> > > We want to copy files with the group in the admin list of the [homes] share. The problem is that the copied files then are owned by root. I know this is normal unix behavior. However we want the copied files to be owned by the user of the homeshare.
> > >
> > > I read the samba howto section Users Cannot Write to a Public Share. Although I want to set the owner on the home shares and not on a public share. The mentioned section however does not seem to work on Redhat 7.3 nor RH AS 3 ? The group gets set correctly (gets changed to the group who owned the directory) but the user stays the same. I am wondering if this is a particular issue with the Redhat distribution or something else ?
> > >
> > > For now I tried this solution :
> > > in [homes] : root preexec = chown -R %S %P
> > > This works but I wonder if this is good solution ?
> > >
> > > Christian
Re: [Samba] file permissions on home directories and admin user copying files to it
On Fri, 14 Nov 2003, Christian Nabski wrote:
> Hi Aaron,
>
> Thanks for your answer. I already set the create mask for files and directories :
> for files 0600 -- user can only write and read
> for directories 0700 -- directories can be read and entered (executed) by the user
>
> This however only sets the rights and not the ownership. The problem arises when an admin (in the adminlist) copies files from another drive/share/... to the home share of a user via samba. These copied files have then as owner root. The effect of this (0600 and root ) is that the user can not read or write to this file.

Correct. The same happens when root copies files under UNIX. If you copy them as a normal user this does not happen. Root always overrides UNIX security.

- John T.

> This is in fact a test server for a customer. What they actually want is the behavior of windows : the copied files inherit the rights of the directory where they are created.
>
> eg : homedir : 0700 owner : the user group domain users
> The admin copies or created a file example.txt in homedir.
> -- rights of example.txt : 0600 owner the user group domain users
>
> The group ownership is possible with chmod g+s homedir or chmod 2700 homedir. If I would set a create mask for files as 0660 and for directories 0770 the problem would be solved but I wanted the restrict the rights to the ones set. And I don't want to maintain private groups (ala redhat) for these users.
>
> I am just wondering how other people do this with admins which don't know anything about unix file permissions ?
>
> Regards,
> Christian
>
> Aaron Collins [EMAIL PROTECTED] wrote on 13/11/2003 21:19:13:
> > You should have a look at the create mask option, it says what the default permissions should be on files that get created. This will override the default unix behavior. See also inherit permissions , directory mask, force create mode and force directory mode I think these are the options you're looking for in your smb.conf
> >
> > -Aaron c
> >
> > On Thu, 2003-11-13 at 11:40, Christian Nabski wrote:
> > > We want to copy files with the group in the admin list of the [homes] share. The problem is that the copied files then are owned by root. I know this is normal unix behavior. However we want the copied files to be owned by the user of the homeshare.
> > >
> > > I read the samba howto section Users Cannot Write to a Public Share. Although I want to set the owner on the home shares and not on a public share. The mentioned section however does not seem to work on Redhat 7.3 nor RH AS 3 ? The group gets set correctly (gets changed to the group who owned the directory) but the user stays the same. I am wondering if this is a particular issue with the Redhat distribution or something else ?
> > >
> > > For now I tried this solution :
> > > in [homes] : root preexec = chown -R %S %P
> > > This works but I wonder if this is good solution ?
> > >
> > > Christian

--
John H Terpstra
Email: [EMAIL PROTECTED]
Re: [Samba] file permissions on home directories and admin user copying files to it
So the only way to do this would be like in my initial mail ?

in [homes] : root preexec = chown -R %S %P

John H Terpstra [EMAIL PROTECTED] wrote on 14/11/2003 02:34:06:
> On Fri, 14 Nov 2003, Christian Nabski wrote:
> > Hi Aaron,
> >
> > Thanks for your answer. I already set the create mask for files and directories :
> > for files 0600 -- user can only write and read
> > for directories 0700 -- directories can be read and entered (executed) by the user
> >
> > This however only sets the rights and not the ownership. The problem arises when an admin (in the adminlist) copies files from another drive/share/... to the home share of a user via samba. These copied files have then as owner root. The effect of this (0600 and root ) is that the user can not read or write to this file.
>
> Correct. The same happens when root copies files under UNIX. If you copy them as a normal user this does not happen. Root always overrides UNIX security.
>
> - John T.
>
> > This is in fact a test server for a customer. What they actually want is the behavior of windows : the copied files inherit the rights of the directory where they are created.
> >
> > eg : homedir : 0700 owner : the user group domain users
> > The admin copies or created a file example.txt in homedir.
> > -- rights of example.txt : 0600 owner the user group domain users
> >
> > The group ownership is possible with chmod g+s homedir or chmod 2700 homedir. If I would set a create mask for files as 0660 and for directories 0770 the problem would be solved but I wanted the restrict the rights to the ones set. And I don't want to maintain private groups (ala redhat) for these users.
> >
> > I am just wondering how other people do this with admins which don't know anything about unix file permissions ?
Re: [Samba] File Permissions
hi,

see example, but chmod -R 0777 /files/pub on linux before

note this may be a security problem

## Section - [files]
[files]
readonly = No
cscpolicy = disable
comment = public files
browseable = yes
writeable = yes
path = /files/pub
guestok = yes

----- Original Message -----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 31, 2003 5:20 PM
Subject: [Samba] File Permissions

I have set up Samba so that all users on my small network can read from my one of my Linux shares as well as write to that share. However, when user A saves a file to that share, user B can't open it -- and vice versa. How can I set up samba so that all files written to that share can be read, modified, and deleted by all users?

Thanks in advance for an answer to this question.
Re: [Samba] file permissions
On Mon, 2003-09-29 at 07:17, rob wrote:
> Hi i'm using samba as a file print server on suse 7.3, clients are windoze 95,2K,XP. basic problem is that sometimes the files created from a windows client have an ownership of root, this causes problems mainly with backup programs (as it affects/prevents the unix - dos archive bit mapping) as I don't then own it), i haven't set up a user root on the windows systems so how can this happen?

i think this could happen as a result of the sticky bit being set on the directory. it could also be a force user or some other clause in the smb.conf... try to duplicate the problem and capture a level3 log of what is happening so you can understand it.

> btw if i set valid users to a set of user names this problem seems to go away, can anybody advise why the 'root' name appears

hmm do you have administrator mapped to root in a username map?

> as an aside how do i clear a username/password for a network share in windoze, as just deleting the share doesn't seem to do this.

I'm not sure about this one -- but i think net use /d may work...

brad
RE: [Samba] file permissions
What I've done to try to address this (and it seems to be working) is to:

1. add all of the users to a common group
2. chown the directory above the file to the group
3. chmod -R g+s the directory above the file
4. add inherit permissions = yes to smb.conf

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Richard Clemens
Sent: Tuesday, February 25, 2003 16:10
To: [EMAIL PROTECTED]
Subject: [Samba] file permissions

Hello,

I am having problems with multiple users being able to access the same file on a samba volume. I tried assigning the three users and the document all to a single group with no luck. So far we have had to chmod 777 the doc just to be able to read it. When a change is made the doc is reverted to the last person who changed it, making it impossible for the next user to edit it. In addition, the group is changed back to the original settings as well.

TIA
Rich
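The group-plus-setgid steps from the reply above, as an added example that is not part of the original message or of Samba itself: it applies steps 2 and 3 to a throwaway directory, checks that new files and subdirectories really inherit the group, and lists anything left world-writable, which is the state a blanket chmod 777 produces. The function names are hypothetical, and the demo uses the caller's own gid in place of the common group so it runs unprivileged; step 4 (inherit permissions = yes) still belongs in smb.conf.

```shell
#!/bin/sh
# Added example: steps 2-3 of the reply (group ownership + setgid), plus a
# check that new files really inherit the group. Function names are
# hypothetical; the demo uses the caller's own gid so it runs unprivileged.

mode_of() { ls -ld "$1" | cut -c1-10; }          # e.g. drwxrws---
gid_of()  { ls -ldn "$1" | awk '{print $4}'; }   # numeric group id

# chgrp the directory to the common group, then 2770:
# setgid + rwx for owner and group, no access for others.
setup_shared_dir() {
    chgrp "$2" "$1" && chmod 2770 "$1"
}

# Create a file and a subdirectory as a group member would (umask 007)
# and confirm both took the directory's group and the subdirectory
# kept the setgid bit, so the inheritance continues further down.
check_inheritance() {
    ( umask 007; : > "$1/report.doc"; mkdir "$1/sub" ) || return 1
    want=$(gid_of "$1")
    [ "$(gid_of "$1/report.doc")" = "$want" ] || { echo "file group differs"; return 1; }
    [ "$(gid_of "$1/sub")" = "$want" ] || { echo "subdir group differs"; return 1; }
    case $(mode_of "$1/sub") in
        d???rws*) echo "ok" ;;
        *) echo "subdir lost setgid"; return 1 ;;
    esac
}

# List anything writable by "other": what a blanket chmod -R 0777 leaves behind.
world_writable() {
    find "$1" ! -type l -perm -0002
}

# Demo on a throwaway directory (constructed input, not a real share).
demo_dir=$(mktemp -d)
setup_shared_dir "$demo_dir" "$(id -g)"
echo "share mode:  $(mode_of "$demo_dir")"
echo "inheritance: $(check_inheritance "$demo_dir")"
echo "world-writable entries: $(world_writable "$demo_dir" | wc -l)"
rm -rf "$demo_dir"
```

On a real share the second argument to setup_shared_dir would be the common group from step 1, and the script would need to run as root or as the directory's owner who is a member of that group.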
RE: [Samba] File Permissions
I know I've seen the answer to this problem, even this week. Have you searched the mail archives? It had something to do with setting the sticky bit on the directory. Search and you will find.

Josh

-----Original Message-----
From: kumar annamalai [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 12, 2002 7:05 AM
To: [EMAIL PROTECTED]
Subject: [Samba] File Permissions

Hi All

I am using the PVCS application for the version control and this is in turn stored onto the unix system. We map it onto the windows using samba and use the same. My concern is when I use the pvcs, the files will be limited to the owners (unix) only and others will not be given privileges to use the same. If I want the others also to access the same I need to give the group permission also, but when given group permission the user will be free to delete the files too, which cannot be tracked. Is there any way to give users full access but the user should be restricted from deletion?

Your response will be highly appreciated. Pls do the needful.

Thanks
Regds
Kumar
RE: [Samba] file permissions
-----Original Message-----
From: Bradley W. Langhorst [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 25, 2002 5:12 PM
To: David McBride
Cc: Samba email list (E-mail)
Subject: Re: [Samba] file permissions

On Thu, 2002-04-25 at 17:41, David McBride wrote:
> I have got my Samba file sharing to work, now I can not seem to get the permissions worked out like I would like. I would like admin and joe to have read and write access to all 4 folders. When I try to write to any folder except admin logged in as admin I can not write.

you need to join admin and joe to the smbusers group and set the permissions on user1 and user2 to at least 775 for that to happen.

Does this mean add them to the admins group? I have already done that, if it means something different can you please give more detailed explanation.

I think that is an unusual configuration though - most users have exclusive write access to their home dirs (only root can also write there)

This unusual config may be because I'm looking at things from a windoze network point of view. Take a small office situation for example: an office manager and some workers. The workers need only access to their directories, but the office manager may need to save files for the workers to correct or retype or what ever. What would be the preferred way of setting groups and permissions for a situation like this?

you could make joe and admin admin users using the admin users directive

> Can some one direct me to a detailed document on how Linux handles file permissions or the best way to do samba file permissions.

samba file perms ARE linux file permissions (unless you are using ACLs)
have a look at http://www.onlamp.com/pub/a/bsd/2000/09/06/FreeBSD_Basics.html

> BTW why does directory . and .. have different permissions?

because . refers to this directory and .. refers to the one above this one.
and they may have different permissions

> Users: admin, joe, user1, user2
> Groups: admins, joe
> Smbusers: user01, user02
> Group membership: admins - admin, joe
>                   smbusers - user01, user02
>
> File permissions of data directory:
> drwxrwxrwx  root   root      .
> drwxr xr x  root   root      ..
> drwxr xr x  admin  admins    admin
> drwxr xr x  joe    admins    joe
> drwxr xr x  user1  smbusers  user1
> drwxr xr x  user2  smbusers  user2

something is wrong with these - too many spaces between r and x for group and other.

I just did that to make all the columns line up.

brad

Thanks again,
David
RE: [Samba] file permissions
> you need to join admin and joe to the smbusers group and set the permissions on user1 and user2 to at least 775 for that to happen.
>
> Does this mean add them to the admins group? I have already done that, if it means something different can you please give more detailed explanation.

nope i was saying you should make all of these user's files write accessible to each other - but in light of your comments below i don't think that is what you want.

> I think that is an unusual configuration though - most users have exclusive write access to their home dirs (only root can also write there)
>
> This unusual config may be because I'm looking at things from a windoze network point of view. Take a small office situation for example: an office manager and some workers. The workers need only access to their directories, but the office manager may need to save files for the workers to correct or retype or what ever. What would be the preferred way of setting groups and permissions for a situation like this?

I think the usual way is to put users into their own group and managers into their own group. the user directories would be owned by the users but the group is that of the managers. That way no user can touch another user's files.

Using your example:

drwxr xr x  admin  admins  admin
drwxr xr x  joe    admins  joe
drwxrwxr x  user1  admins  user1
drwxrwxr x  user2  admins  user2

if you need a place for members of smbusers to share files with each other you can add a shared directory owned by root with group smbusers and permissions 770

> you could make joe and admin admin users using the admin users directive

if you already did this and joe and admin don't have write access to everything then something is wrong.

brad