-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Date: Sat, 01 Mar 2003 14:08:23 +0100 > From: AlF <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: [Samba] Samba and LinuxMDK 9 file perms oddities? > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=us-ascii; format=flowed > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > Precedence: list > Message: 1 > > Hi all > > I noticed a pretty strange behaviour regarding file permissions that > sometimes change without any reason. I need to share the following two > directories: > > /home/public (owner=root, group=root, perms=0777) > /home/users (owner=root, group=users, perms=0770) > > the /home directory is owned by root, the group is root and permissions > are set in this way: 0755. > The above dirs are shared using these instructions in smb.conf: > > [grp] > comment = Folder for group [%g] > path = /home/%g > guest ok = no > public = no > browseable = yes > writable = yes > create mask = 0660 > directory mask = 0770 > > [public] > comment = Public folder > path = /home/public > guest ok = no > public = no > browseable = yes > writable = yes > create mask = 0666 > directory mask = 0777 > > When a member of group "users" connects to the [public] or [grp] share > and interacts with them by creating dirs and/or files, something strange > happens because file permissions change to:
Are you sure it is when a user connects? > > /home/public (owner=root, group=root, perms=0755) > /home/users (owner=root, group=users, perms=0750) > > In a short words, the write flag disappears. As a result, the next time > that a user logs in or interacts with shares, he won't be able to write > files, create dirs, rename them and so on. > I tried to shut down and restart samba to discover if that change is > caused by the deamon itself and not by the use of the shares but I > observed that restarting doesn't change file perms. Does anybody know > the solution? What security level are you running? [bgmilne:/home/users/bgmilne]# cat /etc/sysconfig/msec If you are running security level 2 or higher, msec will reset permissions to not be group writeable on directories under /home. So, you should run draksec to customise this, or not use msec. [bgmilne:/usr/share/msec]# grep home perm.? |awk '{print $1 "\t" $2 "\t" $3}' perm.0:/home/ root.root 755 perm.0:/home/* current 755 perm.1:/home/ root.root 755 perm.1:/home/* current 755 perm.2:/home/ root.root 755 perm.2:/home/* current 755 perm.3:/home/ root.root 755 perm.3:/home/* current 711 perm.4:/home/ root.adm 751 perm.4:/home/* current 700 perm.5:/home/ root.root 711 perm.5:/home/* current 700 After making your changes in draksec, run: # msec <security level> to have msec set the permissions as it thinks they should be, or set them the way you want them, and run # msec to see if it leaves them alone now. Regards, Buchan P.S. I normally search the digests of this list for "mandrake", I would not have found your post since I do not search for MDK/mdk/md etc. It is also a good idea not to abbreviate if you intend other searches (Google etc) to find your post ... - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+YzMLrJK6UGDSBKcRAstdAJ4sZBbp06bKYnixkWSaKAFPsD+IlgCgyauP LJIDZHhscR9f7e46Bv3W5SQ= =/1Or -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba