Samba Problem

Justin Bennett justin.bennett at dynabrade.com
Thu Aug 1 09:01:51 EDT 2002 

Carl Yost Jr. wrote:

>Ok here is my issue :). We have a couple programs we run off the server, both database programs. Even while running off our Novell server, if the users didn't have full blown access to the directory the program will error on them. Which was no big deal, only users under Mas90 in Novell could see the folder anyways. Problem is now we try it under Linux, and are having issues. If I had the security set to 770 they wouldn't get any errors, but the files would not update for them. Basically it didn't work with that security level. Mas90 was the group for the folder also. So I made the security 777, which started working right away for everybody, files updated, everything worked again just like in Novell. Valid users are set to the adm, and mas90 group. So I am think all good I am back to the way it was under Novell. The folder is not browsable or public. I decided to login as a non adm/mas90 user. Also in samba I have security set to 770 thinking samba will lock out anyone that!
 !
>is not the owner or in the group. Well I log in as that user, I can get to the mas90 folder by \\servername\share, have full access to the folder, even though I am not owner or in the group. Can add/modify/delete. Did miss something here? No matter what security I set in samba if the Linux security itself is wide open samba can not lock them out? Any information is greatlyt appreciated.
>
>  Carl
>
>--
>This message has been scanned for viruses and
>dangerous content by Dynabrade using Mailscanner,
>and is believed to be clean.
>  
>
Ok Samba will controll who gets to see the share, but linux filesystems 
controll who can read and write. (samba can do a little of that). Whats 
your smb.conf look like for this entry do you have valid users set in 
smb.conf to allow only users of those groups to map that share.
One of mine.

Notice Write list and valid users, the @ means group. if your not in one 
of those groups you can't map or browse the share. I had to do it this 
way because I have guys in multiple groups that need full access to this 
share. so I make the linux file perms wide open, and use samba to 
controll who can use the share (good thing no users have shell access :) )


[automotive]
   comment = Automotive Engineering Resources
   path = /proj/automotive
   browseable = yes
   public = no
   write list = @auto, @eng, @virtub
   valid users = @auto, @eng, @virtub
   force group = auto
   force create mode = 0666
   force directory mode = 0777

More information about the nflug mailing list