Nick, Perhaps you can explain how you would achieve your goals if the server was running Windows 2000 Server. If you can demonstrate a pure Windows solution maybe we could match that with Samba.
- John T. On Tue, 1 Apr 2003, Nick Drouet wrote: > I'm looking for some assistance regarding file permissions and the inability > to stop the execution of a file even though the execute permission has not > been set. > > Scenario > > I create a share. > I copy the notepad.exe from a windows client onto the share. > > >From Linux console: > > chown <user> notepad.exe > chmod 600 notepad.exe > > >From Windows client: > > I map a drive to the share and I am still able to run the notepad.exe file > from the share, even though executable permissions aren't set... > > I can remove the executable flag via the Windows GUI and the same occurs. > I've tried other executable files and the same occurs. If I chmod 222 to > remove any read rights, then I get the access denied that I would expect. > > > As far as user permissions are going, I've tried a number of options. > Originally I had a samba server as a member of a Windows NT Domain, using > Winbind to map user IDs. This also had ACL support with the 2.4.17acl kernel > and permissions were being set fine on multiple users from the NT domain. > I've stripped elements out until I now have just a samba server which is not > part of a domain and my windows user is in the smbpasswd file with matching > user Id and password. At all stages this problem occurs. I need to know if > I'm doing something very dumb here but the ability to stop users running > executables from a network share is critical. > > Clients are Windows 2000 / NT4 > Samba versions that I've tried are 2.2.8 and 2.0.0.15 (RPM from SuSE > installation CD). > Linux distros that I've tried are SuSE 7.2 and Redhat 7.2 > > Does anyone have any light they could throw onto why this is happening? > > I've seen a few threads regarding this in the samba general but no replies > so forgive if off topic slightly but could really do with some hints.. > > Relevant bits from my smb.conf are below. > > > > [global] > workgroup = DOMAIN2 > guest account = nobody > keep alive = 30 > os level = 2 > kernel oplocks = false > security = domain > encrypt passwords = yes > socket options = TCP_NODELAY > map to guest = Bad User > wins server = 192.168.1.80 > netbios name = samba1 > winbind uid = 1000-2000 > winbind gid = 1000-2000 > winbind cache time = 10 > winbind separator = + > password server = * > log file = /var/log/samba > log level = 1 > > [share3] > path = /share3 > comment = shared area > read only = no > browseable = yes > > > > > -- John H Terpstra Email: [EMAIL PROTECTED]
