Samba List - Like most people new to Samba, I'm having the most trouble setting up permissions.
First of all, let me get this straight: if you use security = domain, you do not need to set up individual users on the Linux box (in an NT domain), correct? I want all users to be able to read the files in LSSNET, and only specific users allowed to write to it. If the folder is 775 and the group owner is LSS_A+Domain Users everyone has read and write access. Then to deny the write access I add read list and write list as below. Now even though I am in all the groups and my individual user is in write list, I don't have write access. This is because I'm also in Domain Users and the read list overrides all Samba permissions The other options is to change the folder to 755, but then no matter what groups I add to write access, they will not override the Unix permissions. This means I have no way to give all users read access and only some users write access without actually creating the users on the local linux box...and that defeats the purpose of the security = domain ? ? ? Thanks in advance for anybody who can solve this. Paul #####SETUP##### root# ls -lah drwxrwxr-x 36 root LSS_A+Domain Users 4.0K Sep 29 08:46 lssnet [global] workgroup = LSS_A server string = Intranet Server log file = /var/log/samba/%m.log max log size = 500 security = domain password server = lss_pdc bdc1 bdc2 encrypt passwords = yes smb passwd file = /usr/local/samba/private/smbpasswd ####Winbind#### # This section added by PJR 5/25/04 # Include winbind NT domain support winbind separator = + winbind uid = 10000-20000 winbind gid = 10000-20000 winbind use default domain = no winbind cache time = 20 winbind enum users = yes winbind enum groups = yes # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = no # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both wins server = 206.145.30.12 # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no force create mode = 0775 force directory mode = 0775 read only = yes veto oplock files = /*.cgi/ guest ok = no browseable = no writable = no # Note: This line is added for security purposes. The following # users should never have access to the Samba shares invalid users = root,bin,daemon,adm,sync,shutdown,halt,mail,news,uucp,operator,gopher [lssnet] path = /www/lssnet comment = Intranet Web Files read list = 'LSS_A+Domain Users' write list = LSS_A+pryan, 'LSS_A+Corp Tech', 'LSS_A+Domain Admins' Paul Ryan, Technology Specialist LSS Data Systems 6423 City West Parkway, Eden Prairie, MN 55344 952.941.1000
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
