On Wednesday 22 Jan 2003 2:56 am, Steve Jeppesen wrote: > Howdy list members, > > I recently merged our home firewall/router and fileserver into one > computer using mandrake 9.0 (with latest updates). Because I am not > sure if I should use a lower level of msec, I set it to 4 because of the > recommendations given during the install stating that was level to > choose for a server. > > Now we do not have any thing secret or worth hacking into ....and just > to be safe we are not hiding any plans for weapons of mass destruction > on it either in case GWB is a member here (like yeah right!) so is it > really worth while keeping it on msec level 4? BTW, we are on a cable > connection here 24/7/365 and I am using Firestarter for the firewall > which nmap'ing from the outside shows it is doing it's job. > > The problem I am having now, is that samba is installed and is allowing > users into their home directories and allows other M$ clients to see > the other shared folders - just not any of the files in those folders. > The shared files/folders are located in /mnt/shared which shouldn't be a > problem right? > > The samba log for "moms" computer shows; > [2003/01/21 20:30:51, 0] smbd/service.c:make_connection(599) > moms (192.168.1.252) Can't change directory to /mnt/shared/southpark > (Permission denied) > > Before merging the two servers together, I had samba configured with > just individual users...since this problem has arised, I have created a > smbusers group and added all users to that section in /etc/group and > changed ownership of all shares except homes to smbusers....still no go > > Just a few mins ago, I found (serious newbie here!) a file; > /etc/security/fileshare.conf which has one line in it which reads; > RESTRICT=yes > > Does anybody know if having msec level 4 interfers with file sharing > with samba? If so, is it possible to change the above mentioned file to > read RESTRICT=no and also be able to keep msec level 4? > > Or should I downgrade to level 3? > > Or should I just give up and go out and empty my wallet for uncle Billy > and go back to M$? Smacking me upside the head and flaming welcomed > here to get my senses back! > > BTW, with the old setup when the fileserver was its own entity, > filesharing worked like a charm and I ended up reusing all the old smb > conf files...modified for the new network setup...apparently not enough > yet though. > > If I need to I can post any thing to help with this...but I believe it > to be a file owner/permission problems...of which I have tried to fix > via opening up ports 137, 138 and 139 on the firewall (no good) changed > owner ship to smbusers (no go) and even set all shares > read/write/execute (no go) > > TIA for any suggestions or advise > Steve
A quick look at MandrakeControlCentre>Security>SecurityPermissions shows that at level 4 the /mnt folder has permissions of 750 root:adm meaning that ordinary users do not even have the right to read them. At level 3 /mnt has permissions 755 root:root so they may be read by anyone, but not written to. So you can either reduce your level (Personally I run at level 2) or else select the 'Editable ' dropdown and write your own override to the selected level. Another option is to keep your shared files in somewhere they can be accessed in level 4 like /var derek -- ---------------------------------- www.jennings.homelinux.net
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com