Bino,

The permissions should be 770 for directories. They need execute privileges for directories to be able to get access to the directories. You should be able to set the files for 660 though I don't believe it will keep Windows from executing a file.
Using 'force' before 'create mask' or 'directory mask' allows you to set bits. You should have 'create mask 660' to force files (other than directories) to not allow setting of the execute bit. And directories should usually be 'force directory mask 770' with maybe a 'directory mask 770' before this to prevent anyone allowing a directory to be read/writeable by everyone.

James

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of samba-requ...@lists.samba.org
Sent: Wednesday, January 06, 2010 2:00 PM
To: samba@lists.samba.org
Subject: samba Digest, Vol 85, Issue 6

----------------------------------------------------------------------

Message: 1
Date: Wed, 06 Jan 2010 08:51:33 +0700
From: Bino Oetomo <b...@indoakses-online.com>
To: ?????? <mail_of_ser...@mail.ru>
Cc: samba@lists.samba.org
Subject: Re: [Samba] PDC directory permission fail
Message-ID: <4b43eca5.1010...@indoakses-online.com>
Content-Type: text/plain; charset=KOI8-R; format=flowed

Dear Serg and All

?????? wrote:
> Hello, Bino!
>
>> I use webmin to do the samba PDC configuration
>>
> IMHO, insufficient
>

Agree ... I did some direct edit to conf file

>> [warehouse]
>> comment = Files of warehouse
>> writeable = yes
>> path = /hdd2/samba/groupfiles/warehouse
>>
>> when I create that share via webmin I use option :
>> a. mode : 775
>> b. Create user : Root
>> c. Create Group : warehouse.
>>
>> 4. From my XP station , I login to that domain with user name "wh01",
>> the results is :
>> a. Successful login
>> b. wh01 can create a file in the home directory (/home/wh01)
>>
>
>> But, wh01 can not write file to share "warehouse"
>>
> Which permission to the new file? May be 644? :)
> IMHO, user have right to write directory, but have not right to write file.
> Look man smb.conf for "force create mode", "force directory mode" or
> http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permissions
>

Thank you for your enlightenment

I read that documentation, but I don't want user to be able to execute things in directory

So I change the share to :

[warehouse]
create mode = 660
path = /hdd2/samba/groupfiles/warehouse
directory mode = 660
force group = warehouse

(and the directory is auto created with user:group as root:warehouse)

Still the user with group "warehouse" can not access (even just "open") the directory

so I try to delete the share ... manually remove the dir , and re create the share (and dir) with :

[warehouse]
create mode = 760
path = /hdd2/samba/groupfiles/warehouse
directory mode = 760
force group = warehouse

Still the user with group "warehouse" can not access (even just "open") the directory

Again, I try to delete the share ... manually remove the dir , and re create the share (and dir) with :

[warehouse]
create mode = 770
path = /hdd2/samba/groupfiles/warehouse
directory mode = 770
force group = warehouse

And ... voila ... the user can access (read-write) into the shares ...

But it'll mean that the user can also "execute" something inside directory ... right ?

Why we need the "execute" bit in directory permission just to let the user to "read and write only" ?

Just fyi, my system is based on :
++ Ubuntu Jaunty
++ Samba 3.32

Sincerely
-bino-
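
The following added example is not part of the original thread. It models how Samba combines a requested mode with a mask and a force mode (bitwise AND with the mask, then OR with the force value) and what the resulting group bits allow on a directory, for the 660, 760 and 770 values tried above. The function names and the requested modes 0777 and 0766 are assumptions made for illustration.

```python
import stat

# Assumed modes requested before Samba applies its masks (constructed values).
REQUESTED_DIR = 0o777
REQUESTED_FILE = 0o766

def samba_mode(requested, mask, force=0o000):
    """Bits outside the mask are cleared, then the force bits are set."""
    return (requested & mask) | force

def group_dir_access(mode):
    """What a non-owner group member may do in a directory with this mode."""
    r = bool(mode & stat.S_IRGRP)
    w = bool(mode & stat.S_IWGRP)
    x = bool(mode & stat.S_IXGRP)  # on a directory, x means search/traverse
    return {
        "list_names": r,              # reading the list of entry names needs r
        "enter_or_open": x,           # resolving any path inside needs x
        "create_or_delete": w and x,  # changing entries needs w and x
    }

def share_report(create_mask, directory_mask):
    """Resulting modes for new files and directories, plus group access."""
    dir_mode = samba_mode(REQUESTED_DIR, directory_mask)
    file_mode = samba_mode(REQUESTED_FILE, create_mask)
    return {
        "dir_mode": oct(dir_mode),
        "file_mode": oct(file_mode),
        "file_has_exec_bit": bool(file_mode & 0o111),
        "group": group_dir_access(dir_mode),
    }

if __name__ == "__main__":
    # The three directory masks tried in the thread, with files kept at 660.
    for mask in (0o660, 0o760, 0o770):
        print(oct(mask), share_report(create_mask=0o660, directory_mask=mask))
```

Only the 770 directory mask leaves the group with the search bit, while a create mask of 660 still keeps the execute bit off newly created files.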