Samba Problem

Carl Yost Jr. carlyos at Buffalo.com
Thu Aug 1 09:30:52 EDT 2002


They shouldn't even be able to use the name to even see it then all correct? \\servername\share should also fail?




---------- Original Message ----------------------------------
From: Justin Bennett <justin.bennett at dynabrade.com>
Reply-To: nflug at nflug.org
Date: Thu, 01 Aug 2002 09:20:44 -0400

>Carl Yost Jr. wrote:
>
>>Justin,
>>  Everything looks the same there in my smb.conf, except I don't have the force group option there. Would that make the difference? LOL also I breathe easy knowing only myself, and root have shell access :D. 
>>
>>  Carl
>>
>>
>>
>>
>>---------- Original Message ----------------------------------
>>From: Justin Bennett <justin.bennett at dynabrade.com>
>>Reply-To: nflug at nflug.org
>>Date: Thu, 01 Aug 2002 09:01:51 -0400
>>
>>  
>>
>>>Carl Yost Jr. wrote:
>>>
>>>    
>>>
>>>>Ok here is my issue :). We have a couple programs we run off the server, both database programs. Even while running off our Novell server, if the users didn't have full blown access to the directory the program will error on them. Which was no big deal, only users under Mas90 in Novell could see the folder anyways. Problem is now we try it under Linux, and are having issues. If I had the security set to 770 they wouldn't get any errors, but the files would not update for them. Basically it didn't work with that security level. Mas90 was the group for the folder also. So I made the security 777, which started working right away for everybody, files updated, everything worked again just like in Novell. Valid users are set to the adm, and mas90 group. So I am think all good I am back to the way it was under Novell. The folder is not browsable or public. I decided to login as a non adm/mas90 user. Also in samba I have security set to 770 thinking samba will lock out anyone t!
h!
>a!
>>>>      
>>>>
>>t!
>>  
>>
>>>!
>>>    
>>>
>>>>is not the owner or in the group. Well I log in as that user, I can get to the mas90 folder by \\servername\share, have full access to the folder, even though I am not owner or in the group. Can add/modify/delete. Did miss something here? No matter what security I set in samba if the Linux security itself is wide open samba can not lock them out? Any information is greatlyt appreciated.
>>>>
>>>> Carl
>>>>
>>>>--
>>>>This message has been scanned for viruses and
>>>>dangerous content by Dynabrade using Mailscanner,
>>>>and is believed to be clean.
>>>> 
>>>>
>>>>      
>>>>
>>>Ok Samba will controll who gets to see the share, but linux filesystems 
>>>controll who can read and write. (samba can do a little of that). Whats 
>>>your smb.conf look like for this entry do you have valid users set in 
>>>smb.conf to allow only users of those groups to map that share.
>>>One of mine.
>>>
>>>Notice Write list and valid users, the @ means group. if your not in one 
>>>of those groups you can't map or browse the share. I had to do it this 
>>>way because I have guys in multiple groups that need full access to this 
>>>share. so I make the linux file perms wide open, and use samba to 
>>>controll who can use the share (good thing no users have shell access :) )
>>>
>>>
>>>[automotive]
>>>  comment = Automotive Engineering Resources
>>>  path = /proj/automotive
>>>  browseable = yes
>>>  public = no
>>>  write list = @auto, @eng, @virtub
>>>  valid users = @auto, @eng, @virtub
>>>  force group = auto
>>>  force create mode = 0666
>>>  force directory mode = 0777
>>>
>>>
>>>
>>>    
>>>
>>
>>--
>>This message has been scanned for viruses and
>>dangerous content by Dynabrade using Mailscanner,
>>and is believed to be clean.
>>  
>>
>
>No thats just so that they all have the same group, cuz I got 3 groups 
>writing to the same area. You have the valid users huh? Then if their 
>not in one of those groups they shouldn't be able to map the share at all.
>
>
>
>-- 
>-------------------------------------------
>Justin Bennett
>Red Hat (Linux) Certified Engineer
>Network Administrator
>Dynabrade Inc.
>8989 Sheridan Dr
>Clarence, NY 14031
>716-631-0100 ext 215
>
>
>
>



More information about the nflug mailing list