Re: [Samba] PDC directory permission fail

Tue, 05 Jan 2010 17:51:49 -0800 

Dear Serg and All
Сергей wrote:

Hello, Bino!


I use webmin to do the samba PDC configuration

IMHO, insuffisient

Agree ...
I did some direct edit to conf file


[warehouse]
        comment = Files of warehouse
        writeable = yes
        path = /hdd2/samba/groupfiles/warehouse

when I create that share via webmin i use option :
a. mode : 775
b. Create user : Root
c. Create Group : warehouse.
4. From my XP station , I login to that domain with user name "wh01", the results is : 
a. Successfull login
b. wh01 can create a file in the home directory (/home/wh01)



But, wh01 can not write file to share "warehouse"

Which permission to the new file? May be 644? :)
IMHO, user have right to write directory, but have not right to write file.
Look man smb.conf for "force create mode", "force directory mode" or 
http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permissions



Thankyou for your enlightment
I read that documentation, but I don't want uuser to be able to execute things in directory 
So I chage the share to :
[warehouse]
   create mode = 660
   path = /hdd2/samba/groupfiles/warehouse
   directory mode = 660
   force group = warehouse

(and the dircory is auto created with user:group as root:warehouse)
Still the user with group "warehouse" can not access (event just "open") the directory
so I try to delete the share ... manualy remove the dir , and re create the share (and dir) with : 
[warehouse]
   create mode = 760
   path = /hdd2/samba/groupfiles/warehouse
   directory mode = 760
   force group = warehouse
Still the user with group "warehouse" can not access (event just "open") the directory
Again, I try to delete the share ... manualy remove the dir , and re create the share (and dir) with : 
[warehouse]
   create mode = 770
   path = /hdd2/samba/groupfiles/warehouse
   directory mode = 770
   force group = warehouse


And ... voila ... the user can access (read-write) into the shares ...
But it'll means that the user can also "execute" somethings inside directory ... right ?
Why we need the "execute" bit in directory permission just to let the user to "read and write only" ? 

Just fyi, my system is based on :
++ Ubuntu Jaunty
++ Samba 3.32

Sincerely
-bino-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to