Re: [Samba] Permissions problem
Le 24/12/2012 17:33, Michael B. Trausch a écrit : On 12/20/2012 10:05 AM, Bruno MACADRE wrote: If I copy this file in command line the mode is 660 as expected, If I want to simulate the file explorer behaviour I must do a 'cp --preserve=mode' copy. Is there a way to forbid this behaviour ? Or is there something wrong in my configuration ? The only way that I could think of would be to write a Samba VFS module that prevented invocation of the chown(2) and chmod(2) system calls (and friends). Such a VFS module would need to return a suitable error code, which would more than likely then be passed back to the client. Or you could simply "stub" the chown/chmod (and friends!) system calls such that they return success but are effectively no-ops. Someone else with more intimate experience with Samba's code may have a better option, but that's the only one I can think of at the moment. HTH, Mike That was a really good idea, I've just write "fake_chmod" VFS module that intercept chmod (and friends) invocations and return 0 without do anything. This module works perfectly. I tested it with nautilus and the final rights on the file are like expected. I haven't tested on win7 yet but I think that it should be the same behaviour. Thanks for your idea, Bruno -- Bruno MACADRE --- Ingénieur Systèmes et Réseau | Systems and Network Engineer Département Informatique | Department of computer science Responsable Réseau et Téléphonie | Telecom and Network Manager Université de Rouen | University of Rouen --- Coordonnées / Contact : Université de Rouen Faculté des Sciences et Techniques - Madrillet Avenue de l'Université - BP12 76801 St Etienne du Rouvray CEDEX FRANCE Tél : +33 (0)2-32-95-51-86 Fax : +33 (0)2-32-95-51-87 --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions problem
From: "Michael B. Trausch" Date: Mon, 24 Dec 2012 11:33:44 -0500 > On 12/20/2012 10:05 AM, Bruno MACADRE wrote: >> If I copy this file in command line the mode is 660 as expected, If I >> want to simulate the file explorer behaviour I must do a 'cp >> --preserve=mode' copy. >> >> Is there a way to forbid this behaviour ? Or is there something >> wrong in my configuration ? Does "unix extensions = no" help your problem? --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions problem
On 12/20/2012 10:05 AM, Bruno MACADRE wrote: > If I copy this file in command line the mode is 660 as expected, If I > want to simulate the file explorer behaviour I must do a 'cp > --preserve=mode' copy. > > Is there a way to forbid this behaviour ? Or is there something > wrong in my configuration ? The only way that I could think of would be to write a Samba VFS module that prevented invocation of the chown(2) and chmod(2) system calls (and friends). Such a VFS module would need to return a suitable error code, which would more than likely then be passed back to the client. Or you could simply "stub" the chown/chmod (and friends!) system calls such that they return success but are effectively no-ops. Someone else with more intimate experience with Samba's code may have a better option, but that's the only one I can think of at the moment. HTH, Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Permissions problem
Hi, I've got a strange behaviour on a share when I copy files with files explorers (like Thunar, Nautilus, ...). This is the share configuration : [share1] comment = Share 01 path = /home/shares/share1 valid users = +share1 force group = share1 read only = No create mask = 0660 force create mode = 0660 directory mask = 1770 force directory mode = 1770 browseable = No strict locking = Yes When I copy/paste a file from my computer (which has 444 mode) to the share the resultant file has 444 mode (instead of the 660 expected). I think the mode was changed by the file explorer 'cause when the file was created on the share (and during the copy process) the mode is 660 (like expected) it's just at the end of the copy that the mode was change to reflect mode of the source file. If I copy this file in command line the mode is 660 as expected, If I want to simulate the file explorer behaviour I must do a 'cp --preserve=mode' copy. Is there a way to forbid this behaviour ? Or is there something wrong in my configuration ? Thanx by advance, Regards Bruno -- Bruno MACADRE --- Ingénieur Systèmes et Réseau | Systems and Network Engineer Département Informatique | Department of computer science Responsable Réseau et Téléphonie | Telecom and Network Manager Université de Rouen | University of Rouen --- Coordonnées / Contact : Université de Rouen Faculté des Sciences et Techniques - Madrillet Avenue de l'Université - BP12 76801 St Etienne du Rouvray CEDEX FRANCE Tél : +33 (0)2-32-95-51-86 Fax : +33 (0)2-32-95-51-87 --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions problem
Well, I've searched on samba.org why these two versions don't have the same behaviour and I found that's a bug in 3.3.0. So now the problem is a little bit different : I'm on a SAMBA 3.5.6 Server with this share : [partinfo] path=/shares/partinfo valid users = +info force user = %U force group = info write list = +info public = No create mask = 0660 directory mask = 0770 and localy : drwxrwx--T 21 root info 4096 2009-01-17 08:38 partinfo Localy the behaviour is Ok : User FOO put a file in /shares/partinfo : -rw-rw 1 foo info 9 2010-12-03 11:00 foo_file If user BAR wants to delete it : Permission Denied If user BAR wants to modify it : Ok Remotely the behaviour is Bad : If user BAR mount this share and try to delete the file foo_file : Permission Denied (Nice !) If user BAR try to modify it : Permission Denied (Not Nice...) ! I've tried lot of modifications into my smb.conf but nothing works. I want my share works identicaly localy and remotely !! I want that all users in info group can modify all files (except these without 'w' rights) but can only delete files that they own... I'm sure it's possible with SAMBA, but how ? Le 01/12/2010 15:53, Bruno MACADRE a écrit : Permissions for the share are the same in 3.3.0 and 3.5.6, like this : drwxrwx--- 21 root info 4096 2009-01-17 08:38 partinfo thx, Le 01/12/2010 12:14, George Mamalakis a écrit : On 01/12/2010 11:38, Bruno MACADRE wrote: Hello all, I've got an old server running SAMBA 3.3.0. I've some shares on it. All shares looks like this : [partinfo] path=/shares/partinfo valid users = +info force user = %U force group = info read only = No create mask = 0660 directory mask = 0770 All works perfectly : When I create a file on this share other users in the info group can modify it but nobody can delete it (exactly that i want). But, it's time to change our server and to put a newer version of SAMBA (3.5.6). On the new server, the behaviour is totaly different (with the same smb.conf file) : When I create a new file, other users n the group info can modify it AND delete it (exactly that i don't want) !!! Worst ! When I put in this share (localy in root) a file like this : # echo "Test" >/shares/partinfo/testfile # chown root.root /shares/partinfo/testfile # chmod 600 /shares/partinfo/testfile When I return to my share (like above) with my user (not admin user) I can delete the file 'testfile' without any problem !!! I think this behaviour is not the 'normal' behaviour. What can I've missed ? Does anyone have any tips ? Regards, Bruno. Please, show as the /shares/partinfo permissions (which is responsible for reading/writing content into it). Thanx, mamalos -- Bruno MACADRE --- Ingénieur Systèmes et Réseau | Systems and Network Engineer Département Informatique | Department of computer science Responsable Réseau et Téléphonie | Telecom and Network Manager Université de Rouen | University of Rouen --- Coordonnées / Contact : Université de Rouen Faculté des Sciences et Techniques - Madrillet Avenue de l'Université - BP12 76801 St Etienne du Rouvray CEDEX FRANCE Tél : +33 (0)2-32-95-51-86 Fax : +33 (0)2-32-95-51-87 --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions problem
Permissions for the share are the same in 3.3.0 and 3.5.6, like this : drwxrwx--- 21 root info4096 2009-01-17 08:38 partinfo thx, Le 01/12/2010 12:14, George Mamalakis a écrit : On 01/12/2010 11:38, Bruno MACADRE wrote: Hello all, I've got an old server running SAMBA 3.3.0. I've some shares on it. All shares looks like this : [partinfo] path=/shares/partinfo valid users = +info force user = %U force group = info read only = No create mask = 0660 directory mask = 0770 All works perfectly : When I create a file on this share other users in the info group can modify it but nobody can delete it (exactly that i want). But, it's time to change our server and to put a newer version of SAMBA (3.5.6). On the new server, the behaviour is totaly different (with the same smb.conf file) : When I create a new file, other users n the group info can modify it AND delete it (exactly that i don't want) !!! Worst ! When I put in this share (localy in root) a file like this : # echo "Test" >/shares/partinfo/testfile # chown root.root /shares/partinfo/testfile # chmod 600 /shares/partinfo/testfile When I return to my share (like above) with my user (not admin user) I can delete the file 'testfile' without any problem !!! I think this behaviour is not the 'normal' behaviour. What can I've missed ? Does anyone have any tips ? Regards, Bruno. Please, show as the /shares/partinfo permissions (which is responsible for reading/writing content into it). Thanx, mamalos -- Bruno MACADRE --- Ingénieur Systèmes et Réseau | Systems and Network Engineer Département Informatique | Department of computer science Responsable Réseau et Téléphonie | Telecom and Network Manager Université de Rouen | University of Rouen --- Coordonnées / Contact : Université de Rouen Faculté des Sciences et Techniques - Madrillet Avenue de l'Université - BP12 76801 St Etienne du Rouvray CEDEX FRANCE Tél : +33 (0)2-32-95-51-86 Fax : +33 (0)2-32-95-51-87 --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions problem
On 01/12/2010 11:38, Bruno MACADRE wrote: Hello all, I've got an old server running SAMBA 3.3.0. I've some shares on it. All shares looks like this : [partinfo] path=/shares/partinfo valid users = +info force user = %U force group = info read only = No create mask = 0660 directory mask = 0770 All works perfectly : When I create a file on this share other users in the info group can modify it but nobody can delete it (exactly that i want). But, it's time to change our server and to put a newer version of SAMBA (3.5.6). On the new server, the behaviour is totaly different (with the same smb.conf file) : When I create a new file, other users n the group info can modify it AND delete it (exactly that i don't want) !!! Worst ! When I put in this share (localy in root) a file like this : # echo "Test" >/shares/partinfo/testfile # chown root.root /shares/partinfo/testfile # chmod 600 /shares/partinfo/testfile When I return to my share (like above) with my user (not admin user) I can delete the file 'testfile' without any problem !!! I think this behaviour is not the 'normal' behaviour. What can I've missed ? Does anyone have any tips ? Regards, Bruno. Please, show as the /shares/partinfo permissions (which is responsible for reading/writing content into it). Thanx, mamalos -- George Mamalakis IT Officer Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), MSc (Imperial College of London) Department of Electrical and Computer Engineering Faculty of Engineering Aristotle University of Thessaloniki phone number : +30 (2310) 994379 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Permissions problem
Hello all, I've got an old server running SAMBA 3.3.0. I've some shares on it. All shares looks like this : [partinfo] path=/shares/partinfo valid users = +info force user = %U force group = info read only = No create mask = 0660 directory mask = 0770 All works perfectly : When I create a file on this share other users in the info group can modify it but nobody can delete it (exactly that i want). But, it's time to change our server and to put a newer version of SAMBA (3.5.6). On the new server, the behaviour is totaly different (with the same smb.conf file) : When I create a new file, other users n the group info can modify it AND delete it (exactly that i don't want) !!! Worst ! When I put in this share (localy in root) a file like this : # echo "Test" >/shares/partinfo/testfile # chown root.root /shares/partinfo/testfile # chmod 600 /shares/partinfo/testfile When I return to my share (like above) with my user (not admin user) I can delete the file 'testfile' without any problem !!! I think this behaviour is not the 'normal' behaviour. What can I've missed ? Does anyone have any tips ? Regards, Bruno. -- Bruno MACADRE --- Ingénieur Systèmes et Réseau | Systems and Network Engineer Département Informatique | Department of computer science Responsable Réseau et Téléphonie | Telecom and Network Manager Université de Rouen | University of Rouen --- Coordonnées / Contact : Université de Rouen Faculté des Sciences et Techniques - Madrillet Avenue de l'Université - BP12 76801 St Etienne du Rouvray CEDEX FRANCE Tél : +33 (0)2-32-95-51-86 Fax : +33 (0)2-32-95-51-87 --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] permissions problem with "hide dot files = No"
Hi, Running 3.0.28-0.2-1625-SUSE-CODE10, if in /etc/samba/smb.conf the "hide dot files" parameter is set to "No" then on the client I see $ touch hi touch: cannot touch `hi': Permission denied $ ls -alh total 4.0K drwxrwxr-x 10 500 users0 2010-05-20 14:27 . drwxr-xr-x 29 root root 4.0K 2010-05-18 16:36 .. ... -rw-r- 1 root users0 2010-05-20 14:27 hi ... $ rm hi rm: remove write-protected regular empty file `hi'? yes $ ls hi ls: cannot access hi: No such file or directory It does not seem the permissions of the directory matter, the files created are always owned by root despite the creating process saying "permission denied." And they are always deletable. No client-side options made any difference until we stumbled upon "hide dot files = Yes" which worked, and now files are created correctly with proper permissions. cheers, stephan PS: the entry in smb.conf [xxx] inherit acls = Yes path = /xxx read only = No valid users = browseable = Yes writeable = yes hide dot files = Yes inherit permissions = Yes admin users = xxx create mask = 660 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: Samba permissions problem, winbind auth, ldap nss
Sorry folks - false alarm. A bit of searching in the archives showed me that I needed: admin users = DOMAIN\username Fixed the problem. Carry on... -- Forwarded message -- From: Eddy Sturg Date: Wed, Apr 7, 2010 at 10:40 AM Subject: Samba permissions problem, winbind auth, ldap nss To: samba@lists.samba.org Greetings list, I'm having a problem setting file permissions for users connecting to my samba file server. CentOS 5.4, samba-3.0.33-3.15.el5_4.1. I have authentication configured to use winbind, and name services configured to use LDAP. I've configured valid users in smb.conf to contain DOMAIN\username for the users I want to be able to connect. They can browse the share just fine, and they have group ownership, mode 775. What I'm confused about is that they can create a new file or directory, but they cannot delete or rename a file or directory - even one they've created. If I create a test file, give it a mode of 777, they cannot rename or delete (or edit) that file. Also - I have read only = no in smb.conf for that share. Any suggestions on what I am missing would be most appreciated. Thanks, Eddy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba permissions problem, winbind auth, ldap nss
Greetings list, I'm having a problem setting file permissions for users connecting to my samba file server. CentOS 5.4, samba-3.0.33-3.15.el5_4.1. I have authentication configured to use winbind, and name services configured to use LDAP. I've configured valid users in smb.conf to contain DOMAIN\username for the users I want to be able to connect. They can browse the share just fine, and they have group ownership, mode 775. What I'm confused about is that they can create a new file or directory, but they cannot delete or rename a file or directory - even one they've created. If I create a test file, give it a mode of 777, they cannot rename or delete (or edit) that file. Also - I have read only = no in smb.conf for that share. Any suggestions on what I am missing would be most appreciated. Thanks, Eddy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions problem with Windows Vista / 7 clients, Debian Samba 3.4.7 server
On Mon, Mar 15, 2010 at 3:24 PM, Josh Kelley wrote: > I'm having a very strange permissions problem with Samba 3.4.7 (installed > via backports.org) running on Debian Lenny: > > If a Windows 7 or Windows Vista client tries to use Windows Explorer to > access a user's home directory with permissions 0700, the client gets a > permission denied error. > > If the directory is made world readable, it works. (For one user, group > readable also works. For another user, it does not.) > > Accessing the same directory from the command prompt ("dir > \\server\username") instead of from Windows Explorer works. > > Accessing the same directory from Windows Explorer in Windows XP works. > > This problem started when we upgraded from Samba 3.2.5 to Samba 3.4.7. > With Samba 3.2.5, our Vista users were fine, but Windows 7 was unable to > connect (login failed, apparently due to the NTLMv2 / 128-bit encryption > limitations that I read about online). > I managed to fix this problem. I had been using a username map script since Samba 3.0.24 to change "DOMAIN\username" to "username" so that users wouldn't have to SSH in to the (Winbind plus) Samba system as DOMAIN\username. Apparently, with Samba 3.4.7, this kind of username map is no longer necessary, and it was keeping Samba from treating users as domain users and properly resolving their SIDs. The Samba logfile does say that this is happening (with references to the Unix User domain and use of a S-1-22-1-... SID), but I had not looked at that part of the logfile. I really don't understand why username map is acting differently now, but since disabling it seems to work, I'm happy. -- Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Permissions problem with Windows Vista / 7 clients, Debian Samba 3.4.7 server
I'm having a very strange permissions problem with Samba 3.4.7 (installed via backports.org) running on Debian Lenny: If a Windows 7 or Windows Vista client tries to use Windows Explorer to access a user's home directory with permissions 0700, the client gets a permission denied error. If the directory is made world readable, it works. (For one user, group readable also works. For another user, it does not.) Accessing the same directory from the command prompt ("dir \\server\username") instead of from Windows Explorer works. Accessing the same directory from Windows Explorer in Windows XP works. This problem started when we upgraded from Samba 3.2.5 to Samba 3.4.7. With Samba 3.2.5, our Vista users were fine, but Windows 7 was unable to connect (login failed, apparently due to the NTLMv2 / 128-bit encryption limitations that I read about online). Here's a snippet from the log file: [2010/03/15 15:09:58, 3] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 10955) conn 0x884d9d0 [2010/03/15 15:09:58, 4] smbd/uid.c:256(change_to_user) change_to_user: Skipping user change - already user [2010/03/15 15:09:58, 5] smbd/filename.c:148(unix_convert) unix_convert called on file "" [2010/03/15 15:09:58, 5] smbd/filename.c:181(unix_convert) conversion finished "" -> . [2010/03/15 15:09:58, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [.] [/home/jkelley] [2010/03/15 15:09:58, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: . reduced to /home/jkelley [2010/03/15 15:09:58, 5] smbd/files.c:103(file_new) allocated file structure 11470, fnum = 15566 (2 used) [2010/03/15 15:09:58, 3] smbd/dosmode.c:149(unix_mode) unix_mode(.) returning 0700 [2010/03/15 15:09:58, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [.] [/home/jkelley] [2010/03/15 15:09:58, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: . reduced to /home/jkelley [2010/03/15 15:09:58, 4] smbd/open.c:1913(open_file_ntcreate) calling open_file with flags=0x0 flags2=0x0 mode=0700, access_mask = 0x81, open_access_mask = 0x81 [2010/03/15 15:09:58, 5] smbd/files.c:474(file_free) freed files structure 15566 (1 used) [2010/03/15 15:09:58, 5] smbd/open.c:2391(open_directory) open_directory: opening directory ., access_mask = 0x81, share_access = 0x7 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x0 [2010/03/15 15:09:58, 3] smbd/error.c:60(error_packet_set) error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Permissions Problem
On 1/22/2010 4:23 PM, Dale Schroeder wrote: On 01/22/2010 3:25 PM, Robert Steinmetz AIA wrote: Dale Schroeder wrote: On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote: I need help understanding what is happening and trouble shooting. I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. I have two shares on the member server and as far as I can tell they are identical. [Projects] works as expected but [Windows] always asks for a login name even though the smb.conf entries for both are are the same. If I comment out the "force group" in [Windows] users can access the share but there are errors writing and creating files. If I create a new share it acts as the [Windows] share. Here are the share definitions and a list of the files in the directory; [Projects] Comment = Project Files path = /files/Lucretia/Projects writeable = yes browseable = yes create mask = 0764 directory mask = 0775 force group = "ATLANTA\domain users" [Windows] comment = Atlanta Windows Files path = /files/Lucretia/Windows browseable = yes writeable = yes create mask = 0764 directory mask = 0775 force group = "ATLANTA\domain users" r...@louise:/files/Lucretia# ls -l total 66 drwxrwsr-x 2 root 1000148 2008-07-17 03:17 Arris -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old drwxrws*r-x* 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows Testparm shows no problems although it does rearrange the share definitions somewhat. The problem must be in windows permissions but I don't know how to check them, especially since I have only ssh access because the site is remote. I have to rely on local users for testing. How can I get a list of ATLANTA\domain admin group users? How can I change the permissions? Any possibility of acl's, especially default acl's? getfacl /files/Lucretia/Projects getfacl /files/Lucretia/Windows Looks like not; r...@louise:/etc/samba# getfacl /files/Lucretia/Projects getfacl: Removing leading '/' from absolute path names # file: files/Lucretia/Projects # owner: ATLANTA\134trish # group: 10001 user::rwx group::rwx other::r-x r...@louise:/etc/samba# getfacl /files/Lucretia/Windows getfacl: Removing leading '/' from absolute path names # file: files/Lucretia/Windows # owner: ATLANTA\134trish # group: 10001 user::rwx group::rwx *other::rwx * If it's not a typo, it is odd that ls and getfacl return different results for "other" in the "Windows" share ls = r-x getfacl = rwx Even if it's not a typo, it makes no sense that the share with the most permissions is the one that's inaccessible. This is a strange one. Dale I apparently changed the permissions between the two listings it is rwx for other now when I list the files in the directory. drwxrwsrwx 290 ATLANTA\trish 10001 23576 2010-01-20 15:51 Windows -- *Robert Steinmetz, AIA* Principal *Steinmetz & Associates* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Permissions Problem
Dale Schroeder wrote: On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote: I need help understanding what is happening and trouble shooting. I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. I have two shares on the member server and as far as I can tell they are identical. [Projects] works as expected but [Windows] always asks for a login name even though the smb.conf entries for both are are the same. If I comment out the "force group" in [Windows] users can access the share but there are errors writing and creating files. If I create a new share it acts as the [Windows] share. Here are the share definitions and a list of the files in the directory; [Projects] Comment = Project Files path = /files/Lucretia/Projects writeable = yes browseable = yes create mask = 0764 directory mask = 0775 force group = "ATLANTA\domain users" [Windows] comment = Atlanta Windows Files path = /files/Lucretia/Windows browseable = yes writeable = yes create mask = 0764 directory mask = 0775 force group = "ATLANTA\domain users" r...@louise:/files/Lucretia# ls -l total 66 drwxrwsr-x 2 root 1000148 2008-07-17 03:17 Arris -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows Testparm shows no problems although it does rearrange the share definitions somewhat. The problem must be in windows permissions but I don't know how to check them, especially since I have only ssh access because the site is remote. I have to rely on local users for testing. How can I get a list of ATLANTA\domain admin group users? How can I change the permissions? Any possibility of acl's, especially default acl's? getfacl /files/Lucretia/Projects getfacl /files/Lucretia/Windows Looks like not; r...@louise:/etc/samba# getfacl /files/Lucretia/Projects getfacl: Removing leading '/' from absolute path names # file: files/Lucretia/Projects # owner: ATLANTA\134trish # group: 10001 user::rwx group::rwx other::r-x r...@louise:/etc/samba# getfacl /files/Lucretia/Windows getfacl: Removing leading '/' from absolute path names # file: files/Lucretia/Windows # owner: ATLANTA\134trish # group: 10001 user::rwx group::rwx other::rwx -- Robert Steinmetz, AIA Principal Steinmetz & Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Permissions Problem
On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote: I need help understanding what is happening and trouble shooting. I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. I have two shares on the member server and as far as I can tell they are identical. [Projects] works as expected but [Windows] always asks for a login name even though the smb.conf entries for both are are the same. If I comment out the "force group" in [Windows] users can access the share but there are errors writing and creating files. If I create a new share it acts as the [Windows] share. Here are the share definitions and a list of the files in the directory; [Projects] Comment = Project Files path = /files/Lucretia/Projects writeable = yes browseable = yes create mask = 0764 directory mask = 0775 force group = "ATLANTA\domain users" [Windows] comment = Atlanta Windows Files path = /files/Lucretia/Windows browseable = yes writeable = yes create mask = 0764 directory mask = 0775 force group = "ATLANTA\domain users" r...@louise:/files/Lucretia# ls -l total 66 drwxrwsr-x 2 root 1000148 2008-07-17 03:17 Arris -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows Testparm shows no problems although it does rearrange the share definitions somewhat. The problem must be in windows permissions but I don't know how to check them, especially since I have only ssh access because the site is remote. I have to rely on local users for testing. How can I get a list of ATLANTA\domain admin group users? How can I change the permissions? Any possibility of acl's, especially default acl's? getfacl /files/Lucretia/Projects getfacl /files/Lucretia/Windows -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Permissions Problem
I need help understanding what is happening and trouble shooting. I have two servers running Samba 2.3.3, one as a Domain Controller one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and winbindd using the tdb back end are running on both. I have two shares on the member server and as far as I can tell they are identical. [Projects] works as expected but [Windows] always asks for a login name even though the smb.conf entries for both are are the same. If I comment out the "force group" in [Windows] users can access the share but there are errors writing and creating files. If I create a new share it acts as the [Windows] share. Here are the share definitions and a list of the files in the directory; [Projects] Comment = Project Files path = /files/Lucretia/Projects writeable = yes browseable = yes create mask = 0764 directory mask = 0775 force group = "ATLANTA\domain users" [Windows] comment = Atlanta Windows Files path = /files/Lucretia/Windows browseable = yes writeable = yes create mask = 0764 directory mask = 0775 force group = "ATLANTA\domain users" r...@louise:/files/Lucretia# ls -l total 66 drwxrwsr-x 2 root 1000148 2008-07-17 03:17 Arris -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows Testparm shows no problems although it does rearrange the share definitions somewhat. The problem must be in windows permissions but I don't know how to check them, especially since I have only ssh access because the site is remote. I have to rely on local users for testing. How can I get a list of ATLANTA\domain admin group users? How can I change the permissions? -- Robert Steinmetz, AIA Principal Steinmetz & Associates -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions problem - I am in the proper group but still can't create files
On Wed, Jan 28, 2009 at 2:03 PM, Ryan Stille wrote: > ...I was forcing the group "nobody" because I need files that are created > through the samba share to be editable by the web server. For this purpose, I would use the "www-data" group or something similar. The "nobody" group, in my mind, should not be able to do much of anything, but perhaps that's a matter of preference. > Would you suggest just adding "nobody" to the "users" group? This wouldn't help you. You are forcing samba to use the group "nobody", but the files are not owned by the group "nobody". When forcing the user and group, you need to 1) make the forced user match the owner of the files or 2) make the forced group match the group that owns the files. Otherwise, your authenticated user only has access to the world permissions because he/she is not the owner or group that corresponds with the files in question. I would suggest thinking about the following: 1. Who should own the files? This is currently "root". You don't want Samba to use the root account (for security reasons), so you cannot use the owner permissions on the files and directories to determine what an authenticated Samba user can or can't do. If you find that another owner would make sense, then you can chown the files and make the "force user" directive match. 2. What group should own the files? It sounds like you need a group that both the authenticated Samba user and the web server user are a part of. I personally would not use "nobody", and even the "users" group has fairly widespread permissions for my taste. I prefer a web server operating under the "www-data" group, so I would chgrp the files and directories within the share to this account and use the "force group = www-data" directive to allow the authenticated Samba user to perform operations on this share using the filesystem group permissions. -Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions problem - I am in the proper group but still can't create files
Kyle Rabe wrote: On Wed, Jan 28, 2009 at 1:18 PM, Ryan Stille wrote: [websites] comment = /home/WWW-data path = /home/WWW-data read only = no valid users = rps administrator create mask = 0664 directory mask = 0775 force user = administrator force group = nobody It looks like you're forcing Samba to use the "administrator" user and "nobody" group when a valid login is presented and this share is accessed. Since the "nobody" group does not have write permissions on your share, your authenticated user does not have write permissions. Try changing "force group" from "nobody" to "users" or simply removing the line (which might or might not work - I'm not sure). -Kyle Thank you, that did fix the problem. However I was forcing the group "nobody" because I need files that are created through the samba share to be editable by the web server. Would you suggest just adding "nobody" to the "users" group? I'm not sure why this worked on my other web servers... -Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions problem - I am in the proper group but still can't create files
On Wed, Jan 28, 2009 at 1:18 PM, Ryan Stille wrote: > [websites] > comment = /home/WWW-data > path = /home/WWW-data > read only = no > valid users = rps administrator > create mask = 0664 > directory mask = 0775 > force user = administrator > force group = nobody It looks like you're forcing Samba to use the "administrator" user and "nobody" group when a valid login is presented and this share is accessed. Since the "nobody" group does not have write permissions on your share, your authenticated user does not have write permissions. Try changing "force group" from "nobody" to "users" or simply removing the line (which might or might not work - I'm not sure). -Kyle -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Permissions problem - I am in the proper group but still can't create files
I have a share created on my linux server. I can connect to it with the "administrator" user just fine. I need to be able to create files and directories with the administrator user, even in directories that are not owned by administrator. administrator is in the users group. Everything under the share is in the users group, and the group has write permission. So why can't administrator create files? If I chown the parent to administrator, then it works fine. But administrator is in the group, and the group has write permission. So why does it also have to be owned by administrator? I don't have this issue on all my other linux servers, just this new one (CentOS 5.2). Here is the folder I'm trying to create a file in: drwxrwxr-x 2 root users 4096 Jan 28 11:10 foo Here is the line from /etc/group: users:x:100:rps,administrator,root And here is my samba share: [websites] comment = /home/WWW-data path = /home/WWW-data read only = no valid users = rps administrator create mask = 0664 directory mask = 0775 force user = administrator force group = nobody Thanks for any help. -Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] permissions(?) problem? with samba and linux client (=>2.6.24)
Hi folks :-) using smbmount //ip/share /home/user0/share -o "username=xxx,password=xxx" I can mount the share samba dir on my client but: if I do: touch temp0 I see: touch: setting times of `temp0': No such file or directory or I can create new directory but I can't write on it. Using konqueror (smb://ip/share) I can create, remove and modify anything. I use cifs fs with samba 3.0.24 (debian stable) [...] [share] path=/share/temp/share guest ok = no writable = yes printable = no valid users = user0 force users = user0 case sensitive = yes dos charset = ISO8859-1 unix charset = ISO8859-1 display charset = ISO8859-1 [...] This problem happen only with new kernels (=>2.6.24) Can somebody help me please? Thanks! Pol -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Permissions problem
Hmmm, it seems that after a while it does work? Does anyone know how long it takes permissions to propagate? Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Braiding Sent: Monday, 23 April 2007 8:13 AM To: samba@lists.samba.org Subject: [Samba] Permissions problem Hi, I am running Samba 3.0.10-1.4E.11 under Centos 4.4 in a Win2K3 AD network. I have a share called data with permissions of 777 an owner of DomainName+Administrator and a group of DomainName+Domain Users. Under this share I have a number of directories that I have applied various permissions and groups depending on who is to access them. My problem, at present, is this. I have a user called Test who is in a group called Data-Test (amongst other groups). I also have a directory called testdir with an owner of DomainName+Administrator and a group of Domain+DataTest, permissions are set to 2770. When I login as the user Test, I can access the share - i.e data, but I cannot access the testdir under that share. In smb.conf I have set security to ADS with all the appropriate realm information - I can access the share with no problems, wbinfo works fine with a -t, -g and -u. The share has the following set in smb.conf [data] path = /data writeable = yes guest ok = yes create mask = 0770 directory mask = 0770 inherit permissions = yes Can anyone give me a hint as to what I have stuffed up? thanks Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions problem
Hi, I am running Samba 3.0.10-1.4E.11 under Centos 4.4 in a Win2K3 AD network. I have a share called data with permissions of 777 an owner of DomainName+Administrator and a group of DomainName+Domain Users. Under this share I have a number of directories that I have applied various permissions and groups depending on who is to access them. My problem, at present, is this. I have a user called Test who is in a group called Data-Test (amongst other groups). I also have a directory called testdir with an owner of DomainName+Administrator and a group of Domain+DataTest, permissions are set to 2770. When I login as the user Test, I can access the share - i.e data, but I cannot access the testdir under that share. In smb.conf I have set security to ADS with all the appropriate realm information - I can access the share with no problems, wbinfo works fine with a -t, -g and -u. The share has the following set in smb.conf [data] path = /data writeable = yes guest ok = yes create mask = 0770 directory mask = 0770 inherit permissions = yes Can anyone give me a hint as to what I have stuffed up? thanks Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] permissions problem with adding a machine
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/19/2006 10:52 PM, David Bear escreveu: > I have configured a domain controller in samba 3.0.xxx. I followed the > how-to at samba.org and I think I may have missed a step because now > when I attempt to add a machine to the domain, I get an error. > > I am using tdbsam as the user/group store. I ran the net group map to > make windows groups to unix groups. I have verified that my > administrator users are in group wheel. > > I do not use the map users file. I found that when I put my > administrative user names there they were not permitted to log into > the domain. > > Is there a checklist that I can follow to make sure I didn't forget a > step? There are no checklists that I'm aware of. Did you try to add a machine with 'root'? Did you set any users in the "Domain Admins" group? (And of course, did 'net groupmap' a unixgroup to the "Domain Admins" group?). If you still have problems, please, send you smb.conf attached with the important part of your log (also increase the loglevel/debuglevel). Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFGA4oCj65ZxU4gPQRAq7SAKDOibdKc7lpAoADL6g0daUvHOkL0gCfZeKu fJgy9lo0Q17jkbzaAQvX/So= =dDb5 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] permissions problem with adding a machine
I have configured a domain controller in samba 3.0.xxx. I followed the how-to at samba.org and I think I may have missed a step because now when I attempt to add a machine to the domain, I get an error. I am using tdbsam as the user/group store. I ran the net group map to make windows groups to unix groups. I have verified that my administrator users are in group wheel. I do not use the map users file. I found that when I put my administrative user names there they were not permitted to log into the domain. Is there a checklist that I can follow to make sure I didn't forget a step? -- David Bear phone: 602-496-0424 fax:602-496-0955 College of Public Programs/ASU University Center Rm 622 411 N Central Phoenix, AZ 85007-0685 "Beware the IP portfolio, everyone will be suspect of trespassing" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Wierd Samba permissions problem (URGENT)
Which version of samba are you using? Until 3.0.14 there was a bug in the ACL handling of Samba afaik. The symptoms you describe sound very similar. > > Hello List, > > Please CC me on responses as I am not currently subscribed to the list. > > Please see the following attached files for details. > > Basically, Samba comes back and says the our users have no rights to > create / modify / delete files on a share, even though the file system > permissions seem correct and the smb.conf file looks good and the user > either owns the file / directory or is listed in the group. > > > -- > Lee Leahu RICIS, Inc. > Internet Technology Specialist 866-RICIS-77 Toll Free Voice (US) > [EMAIL PROTECTED] 708-444-2690 Voice (International) > http://www.ricis.com/ 866-99-RICIS Toll Free Fax (US) > 708-444-2697 Fax (International) > > RICIS, Inc. is a member of the Public Safety Alliance Group > > This email and any attachments that are included in it have been scanned > for malicious or inappropriate content and are believed to be safe. > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Wierd Samba permissions problem (URGENT)
Hello List, Please CC me on responses as I am not currently subscribed to the list. Please see the following attached files for details. Basically, Samba comes back and says the our users have no rights to create / modify / delete files on a share, even though the file system permissions seem correct and the smb.conf file looks good and the user either owns the file / directory or is listed in the group. -- Lee Leahu RICIS, Inc. Internet Technology Specialist 866-RICIS-77 Toll Free Voice (US) [EMAIL PROTECTED] 708-444-2690 Voice (International) http://www.ricis.com/ 866-99-RICIS Toll Free Fax (US) 708-444-2697 Fax (International) RICIS, Inc. is a member of the Public Safety Alliance Group This email and any attachments that are included in it have been scanned for malicious or inappropriate content and are believed to be safe. starting in '/' # getfacl . # file: . # owner: root # group: root user::rwx group::r-x other::r-x # getfacl var # file: var # owner: root # group: root user::rwx group::r-x other::r-x # getfacl var/samba # file: var/samba # owner: root # group: root user::rwx group::r-x other::r-x # getfacl var/samba/OURdocs/ # file: var/samba/OURdocs # owner: merlin # group: library user::rwx group::rwx other::rwx # getfacl var/samba/OURdocs/Merlin # file: var/samba/OURdocs/Merlin # owner: merlin # group: library user::rwx group::rwx other::rwx -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] permissions problem
Hi, i have a samba server with a share, in that share there is a folder called, for example 'users' and then sub folders with permissions 750 for each. With this i can handle de access to the folder by group. Let me put more clear: x:\ - - - - >users \ - ->john --->paul --->production The problem is this: even that user paul or anyone of his group can't access to john folder, he can delete de folder john. Is there a way to prevent this?, i mean, to prohibit anyone exept john and his members group to delete that folder¿? Thanks.- MMo-.- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions Problem
I can see and read the samba share on a Fedora Core 4 box, but I can't add, modify, delete anything neither directories nor files. How do I enable file writing, modification and deletion? --- smb.conf # Global parameters [global] server string = Samba Server username map = /etc/samba/smbusers log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap dns proxy = No idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 cups options = raw workgroup = workgroup [homes] comment = Home Directories writeable = yes browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [share] comment = FC4 Samba Share path = /share writeable = yes guest ok = Yes --- ls -lai total 112 2979006 drwxrwxrwx 2 root root 4096 Sep 20 13:34 . 2 drwxr-xr-x 26 root root 4096 Sep 20 13:23 .. 2979099 -rwxrwxrwx 1 root root20 Sep 20 13:25 lmhosts 2979108 -rwxrwxrwx 1 root root 0 Sep 20 13:34 ls.txt 2979007 -rwxrwxrwx 1 root root40 Aug 24 14:50 OpenShare.txt 2979100 -rwxrwxrwx 1 root root 8192 Sep 20 13:25 secrets.tdb 2979101 -rwxrwxrwx 1 root root 695 Sep 20 13:25 smb.conf 2979102 -rwxrwxrwx 1 root root 744 Sep 20 13:25 smb.conf.1 2979103 -rwxrwxrwx 1 root root 10997 Sep 20 13:25 smb.conf.master 2979104 -rwxrwxrwx 1 root root 100 Sep 20 13:25 smbpasswd 2979105 -rwxrwxrwx 1 root root 100 Sep 20 13:25 smbpasswd.dnt 2979106 -rwxrwxrwx 1 root root 110 Sep 20 13:25 smbusers 2979107 -rwxrwxrwx 1 root root 110 Sep 20 13:25 smbusers.dnt -- - JLR -- garbage jraff a t comcast d o t net garbage Remove garbage and reformat to send mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions problem - smb 3 and FBSD 5.4-stable
Hi Folks, I'm using samba 3.0.14a_1,1 on FreeBSD 5.4-STABLE. I'm having a problem that all my samba users must be set in 'admins users' directive in smb.conf. Users that aren't on 'admin users' in smb.conf don't have permissions to read/write some shares and their own home directory. Any suggestion? Thanks, Felipe. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions Problem (?)
Hello, I'm an inexperienced Linux / Samba user attempting to get some simple networking going with various versions of Windows. Running Samba 3.0.14a-2 on a 'freebie magazine' fedora install. I appear to have a what I think is a permissions problem, but could(?) be username or password related. I can see my shares on all of my Windows clients (2k,xp and 98). I can read from them, but not write to them. Win 2K and 98 reports 'Cannot access this file. Check security priveleges over the network drive'. when trying to create a new or modify an existing file. If I smbmount the share (on the linux box on which it exists), I also cannot write to it when logged in as user Simon, though I can write to it direct (ie not through the mount point) logged in as Simon. I have the following in smb.conf: [global] workgroup = AED wins support = yes log level = 3 max log size = 1000 read only = no hosts allow = 192.168.2. printcap name = /etc/printcap printing = lprng log file = /root/smb.log server string = Testing smb passwd file = etc/samba/smbpasswd password level = 8 username level = 8 and [D-Main-Data] comment = Main Data Drive path = /usr/AED/D-Main-Data/ valid users = Simon create mask = 0775 write list = Simon At /usr/AED/D-Main-Data, the permisions show as drwxrwxrwx, though at the the point where the share is smbmounted are drwx-r-xr-x. I suspect this is the clue to the whole thing, but I don't know the solution! I've tried setting the owner of /usr/AED/D-Main-Data to both root and to Simon to no avail. Windows shows no permissions ticked in Security Properties for the shared directory or directories under it. A file created on the Linux box as user Simon shows as having Read and Write ticked, but I still can't modify and save it. I have the same user / password combinations set up on the Win and Linux boxes, and also in smbpasswd. I have a horrible feeling this is a basic linux permissions issue, but I'm at the end of my own limited abilities with it. Thanks in advance, Simon Ansley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions problem/misunderstanding ... "Domain Admins" vs. Administrators
Hi, Using Samba 3.0.14a and AIX 4.3, I have been able to join PC's to the domain without any problem. It "just works". I am using local profiles, and serving login batch files from the server, and that "just works". So far, I'm a happy camper. Now, I am trying to understand permissions so that I can actually use the "moveuser.exe" command from the "Windows Server 2003 Resource Kit Tools" (http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en). This is on Windows XP Pro SP2 with all recent patches. I am trying to "Copy" the existing local user profile to the Doman so they retain their desktop & favorites, etc. The "moveuser" command says that it needs to run with the permissions of someone able to write the profile. So, I figure a user in the "Domain Admins" group should be able to do this. Have complete access to the local PC and complete access to the Samba server. I keep getting a "Permission Denied" error. Here's the lead up: Following the directions in the Samba3-HOWTO.pdf (page 226), I created a group "domadm" in /etc/groups consisting of: domadm:!:1000:keith,root,steve Then, I did a: net groupmap add ntgroup="Domain Admins" unixgroup=domadm on the AIX Server: AIX# net rpc group Password: Domain Admin System Operators Replicators Guests Power Users Print Operators Administrators Account Operators Backup Operators Users and: AIX# net rpc group members "Domain Admins" Password: AIXDOM\keith AIXDOM\root AIXDOM\steve So, that all looks fine. From the Windows XP SP2 server: C:\>net localgroup Aliases for \\OKE_OFFICE --- *Administrators *Backup Operators *BCMUsers *Debugger Users *Guests *HelpServicesGroup *Network Configuration Operators *Power Users *Remote Desktop Users *Replicator *Users The command completed successfully. and C:\>net localgroup Administrators Alias name Administrators CommentAdministrators have complete and unrestricted access to the compu ter/domain Members --- Administrator Dianne AIXDOM\Domain Admins The command completed successfully. and again from the XP SP2 box: C:\>net group "Domain Admins" /domain The request will be processed at a domain controller for domain AIXDOM. Group name Domain Admins CommentDomain Unix group Members --- keithroot steve The command completed successfully. Ok, so as far as I can tell, the connectivity is all the way through. I do have a username map for Administrator to "root" (I know 3.0.14a does not need "root", but I am trying to narrow the options for me screwing up). But if I log onto the XP SP2 workstation as "root" and the appropriate password, everything seems sane. In my mind, I should now have the same power as the local "Administrator" user on that PC. However, I if I browse the My Computer, I CANNOT go into any other user's "Document and Settings" folder other than root's. I think there is something very very wrong here, but I cannot figure out for the life of me what it is! If I log in as Administrator to the local workstation, I can access everywhere on the drive... This is driving me crazy! I missing some subtle piece of the puzzle... or maybe not so subtle! lol.. Hum... one other piece of (perhaps) relevant information is that I am running smbpasswd backend for now. I cannot upgrade because the samba password file has about 250 users that are not in the /etc/groups. When I import the smbpasswd into the tdbsam, I get lots of errors & ppl cannot log on :-( That will be my next thing, awk script to clean the smbpasswd file (relative to the /etc/passwd file). Does anyone have ANY advice? Thanks, Steve Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions Problem
Hello, I have a share called [math] and in it, I have files in it. When I write files to the root of that share, it successfully saves them with a permission of 775. In my smb.conf, I have the following: force create mode = 0775 force directory mode = 0775 Now.. when a user saves into a subdirectory of that share, it sets permissions as 0755, which doesnt really work so well for me. My question is, how can I make sure that all files under the share are set mode 775 when created/saved/modified/etc ? I am using Samba 3.0.10 on FreeBSD 5.3-RELEASE Any assistance would be greatly appreciated! - Don Brearley HCC Computer Services -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions Problem
On Monday 29 November 2004 10:52, robert wrote: > > Well, two ideas. First try shortening the share name. I've seen problems on > some clients (you didn't say which client you are using) with the longer > share names and ones that use a hyphen (not the case here). Second, I did > find a KB article 838895 > (http://support.microsoft.com/default.aspx?scid=kb;en-us;838895) which may > describe your problem. Even if that's not the version of excel you are > using, it might still be accurate (M$ doesn't always issue articles for > bugs they know about). I might buy it, but: 1. The problem is also exhibited with Notepad. 2. The share name is only 10 letters long. I have not heard of problems with shares that long, especially with WinXP and Win2K clients. Still looking, Misty > > -- > Fail to learn history-repeat it. > Fail to learn rights-lose them. > Learn both-get screwed by previous two groups. > Public key is at http://home.swbell.net/berzerke/robert.key > Fingerprint: 0D70 9ADF B5A7 45E7 A853 4B1C 8E0F 4324 C39D 44A2 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions Problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 29 November 2004 09:19, Misty Stanley-Jones wrote: > On Monday 29 November 2004 10:03, Misty Stanley-Jones wrote: > > Hi all, > > > > I've got a share called [ACCOUNTING] with the following share definition: > > [ACCOUNTING] > > path = /data/samba/shares/Accounting > > valid users = @acct @"Domain Admins" > > browseable = yes > > public = no > > read only = no > > force group = acct > > > > Here is the permissions on the directory: > > oink:/data/samba/shares # ls -ld /data/samba/shares/Accounting > > drwxrwxr-x 9 root acct 4096 Nov 29 09:30 /data/samba/shares/Accounting > > > > Here is the permissions on a file in the directory: > > -rwxrwxrwx 1 root acct 904192 Nov 29 > > 09:48 /data/samba/shares/Accounting/Invoice Recap.xls > > > > The permissions on this file look fine from within Windows Explorer \ > > properties \ Security. They look fine on the UNIX side. But in Excel, > > this file is always opened as read-only. I have verified that the user > > in question is in the acct group. Also the 'fuser' command does not > > report anyone using the file. I would appreciate any help in figure out > > what has gone wrong here. > > New info to add: > > If I access the share as \\corpsrv\accounting, I can write to the files. > If I access it via its drive letter I cannot. I've just mapped it via the > command: > net use m: \\corpsrv\accounting > > Also it is not just Excel. I've tried to open a text file with Notepad and > I get the same results. > > Any ideas? > > Thanks, > Misty > > > Thanks, > > Misty Well, two ideas. First try shortening the share name. I've seen problems on some clients (you didn't say which client you are using) with the longer share names and ones that use a hyphen (not the case here). Second, I did find a KB article 838895 (http://support.microsoft.com/default.aspx?scid=kb;en-us;838895) which may describe your problem. Even if that's not the version of excel you are using, it might still be accurate (M$ doesn't always issue articles for bugs they know about). - -- Fail to learn history-repeat it. Fail to learn rights-lose them. Learn both-get screwed by previous two groups. Public key is at http://home.swbell.net/berzerke/robert.key Fingerprint: 0D70 9ADF B5A7 45E7 A853 4B1C 8E0F 4324 C39D 44A2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBq0XAjg9DJMOdRKIRAoSDAKCOHhqCjB3/U8Qdqq19lTu7/k/KwwCfZYG6 +oTQ2TXiNmS9Zdhp0LGjDf8= =uz0u -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions Problem
On Monday 29 November 2004 10:03, Misty Stanley-Jones wrote: > Hi all, > > I've got a share called [ACCOUNTING] with the following share definition: > [ACCOUNTING] > path = /data/samba/shares/Accounting > valid users = @acct @"Domain Admins" > browseable = yes > public = no > read only = no > force group = acct > > Here is the permissions on the directory: > oink:/data/samba/shares # ls -ld /data/samba/shares/Accounting > drwxrwxr-x 9 root acct 4096 Nov 29 09:30 /data/samba/shares/Accounting > > Here is the permissions on a file in the directory: > -rwxrwxrwx 1 root acct 904192 Nov 29 > 09:48 /data/samba/shares/Accounting/Invoice Recap.xls > > The permissions on this file look fine from within Windows Explorer \ > properties \ Security. They look fine on the UNIX side. But in Excel, > this file is always opened as read-only. I have verified that the user in > question is in the acct group. Also the 'fuser' command does not report > anyone using the file. I would appreciate any help in figure out what has > gone wrong here. > New info to add: If I access the share as \\corpsrv\accounting, I can write to the files. If I access it via its drive letter I cannot. I've just mapped it via the command: net use m: \\corpsrv\accounting Also it is not just Excel. I've tried to open a text file with Notepad and I get the same results. Any ideas? Thanks, Misty > Thanks, > Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions Problem
Hi all, I've got a share called [ACCOUNTING] with the following share definition: [ACCOUNTING] path = /data/samba/shares/Accounting valid users = @acct @"Domain Admins" browseable = yes public = no read only = no force group = acct Here is the permissions on the directory: oink:/data/samba/shares # ls -ld /data/samba/shares/Accounting drwxrwxr-x 9 root acct 4096 Nov 29 09:30 /data/samba/shares/Accounting Here is the permissions on a file in the directory: -rwxrwxrwx 1 root acct 904192 Nov 29 09:48 /data/samba/shares/Accounting/Invoice Recap.xls The permissions on this file look fine from within Windows Explorer \ properties \ Security. They look fine on the UNIX side. But in Excel, this file is always opened as read-only. I have verified that the user in question is in the acct group. Also the 'fuser' command does not report anyone using the file. I would appreciate any help in figure out what has gone wrong here. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions problem with 3.0.8
On Tue, Nov 09, 2004 at 05:14:44PM +0100, Beschorner Daniel wrote: > We use LDAP backend and Linux 2.6. > It happens only --with-acl-support. > This 2 errors I found in the level 10 log when I try to copy a fresh copied > file a second time on itself (permissions of test file are -r-xrw, user > and group match) > Maybe the attribute mapping goes another path with acl support? > 3.0.7 works fine. 3.0.7 also started working fine for me and my roaming profiles. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions problem with 3.0.8
On Tue, Nov 09, 2004 at 05:14:44PM +0100, Beschorner Daniel wrote: > [2004/11/09 17:02:02, 10] smbd/open.c:open_file_shared1(1038) > open_file_shared: fname = bootfont.bin, dos_attrs = 27, share_mode = 41, > ofun = 12, mode = 560, oplock request = 3 > [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(283) > dos_mode: bootfont.bin > [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) > dos_mode_from_sbuf returning ra > [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(315) > dos_mode returning ra > [2004/11/09 17:02:02, 10] smbd/open.c:open_match_attributes(922) > open_match_attributes: file bootfont.bin old_dos_mode = 0x21, > existing_mode = 0100560, new_dos_mode = 0x27 returned_mode = > [2004/11/09 17:02:02, 5] smbd/open.c:open_file_shared1(1141) > open_file_shared: read/write access requested for file bootfont.bin on > read only file > [2004/11/09 17:02:02, 5] smbd/files.c:file_free(385) > freed files structure 5799 (2 used) > [2004/11/09 17:02:02, 10] smbd/trans2.c:set_bad_path_error(2234) > set_bad_path_error: err = 13 bad_path = 0 > [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(105) > error string = Permission denied > [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(129) > error packet at smbd/trans2.c(2243) cmd=162 (SMBntcreateX) > NT_STATUS_ACCESS_DENIED > > ... > > [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(283) > dos_mode: bootfont.bin > [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) > dos_mode_from_sbuf returning ra > [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(315) > dos_mode returning ra > [2004/11/09 17:02:02, 6] smbd/trans2.c:call_trans2setfilepathinfo(3621) > actime: Wed Apr 2 13:00:00 2003 >modtime: Thu Jan 1 01:00:00 1970 >size: 4952 dosmode: a0 > [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(283) > dos_mode: bootfont.bin > [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) > dos_mode_from_sbuf returning ra > [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(315) > dos_mode returning ra > [2004/11/09 17:02:02, 10] smbd/trans2.c:call_trans2setfilepathinfo(3678) > call_trans2setfilepathinfo: file bootfont.bin : setting dos mode a0 > [2004/11/09 17:02:02, 10] smbd/dosmode.c:file_set_dosmode(340) > file_set_dosmode: setting dos mode 0xa0 on file bootfont.bin > [2004/11/09 17:02:02, 2] smbd/trans2.c:call_trans2setfilepathinfo(3681) > file_set_dosmode of bootfont.bin failed (No data available) > [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(105) > error string = No data available > [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(129) > error packet at smbd/trans2.c(3682) cmd=50 (SMBtrans2) > NT_STATUS_ACCESS_DENIED I'm getting what seems to be (at first glance) the same error in my roaming profiles problem. It happens with a winxp sp2 pro pt_BR workstation while trying to copy the profiles to the profile share. (user "maria") (...) [2004/11/09 14:21:42, 3] smbd/trans2.c:call_trans2setfilepathinfo(3096) call_trans2setfilepathinfo(8) maria/SendTo (fnum 8786) info_level=1004 totdata=40 [2004/11/09 14:21:42, 8] smbd/dosmode.c:dos_mode(283) dos_mode: maria/SendTo [2004/11/09 14:21:42, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning d [2004/11/09 14:21:42, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning d [2004/11/09 14:21:42, 6] smbd/trans2.c:call_trans2setfilepathinfo(3621) actime: Tue Nov 9 14:21:42 2004 modtime: Wed Dec 31 21:00:00 1969 size: 0 dosmode: 13 [2004/11/09 14:21:42, 8] smbd/dosmode.c:dos_mode(283) dos_mode: maria/SendTo [2004/11/09 14:21:42, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning d [2004/11/09 14:21:42, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning d [2004/11/09 14:21:42, 10] smbd/trans2.c:call_trans2setfilepathinfo(3678) call_trans2setfilepathinfo: file maria/SendTo : setting dos mode 13 [2004/11/09 14:21:42, 10] smbd/dosmode.c:file_set_dosmode(340) file_set_dosmode: setting dos mode 0x13 on file maria/SendTo [2004/11/09 14:21:42, 2] smbd/trans2.c:call_trans2setfilepathinfo(3681) file_set_dosmode of maria/SendTo failed (No data available) [2004/11/09 14:21:42, 3] smbd/error.c:error_packet(105) error string = No data available [2004/11/09 14:21:42, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(3682) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED (...) strace from that part shows a mkdir for maria/SendTo, then getxattr("maria/SendTo"... which returns ENODATA and later on a rmdir for maria/SendTo. Perhaps windows couldn't set some permissions and gave up? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
AW: [Samba] Permissions problem with 3.0.8
We use LDAP backend and Linux 2.6. It happens only --with-acl-support. This 2 errors I found in the level 10 log when I try to copy a fresh copied file a second time on itself (permissions of test file are -r-xrw, user and group match) Maybe the attribute mapping goes another path with acl support? 3.0.7 works fine. Daniel [2004/11/09 17:02:02, 10] smbd/open.c:open_file_shared1(1038) open_file_shared: fname = bootfont.bin, dos_attrs = 27, share_mode = 41, ofun = 12, mode = 560, oplock request = 3 [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(283) dos_mode: bootfont.bin [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning ra [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning ra [2004/11/09 17:02:02, 10] smbd/open.c:open_match_attributes(922) open_match_attributes: file bootfont.bin old_dos_mode = 0x21, existing_mode = 0100560, new_dos_mode = 0x27 returned_mode = [2004/11/09 17:02:02, 5] smbd/open.c:open_file_shared1(1141) open_file_shared: read/write access requested for file bootfont.bin on read only file [2004/11/09 17:02:02, 5] smbd/files.c:file_free(385) freed files structure 5799 (2 used) [2004/11/09 17:02:02, 10] smbd/trans2.c:set_bad_path_error(2234) set_bad_path_error: err = 13 bad_path = 0 [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(105) error string = Permission denied [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(2243) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED ... [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(283) dos_mode: bootfont.bin [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning ra [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning ra [2004/11/09 17:02:02, 6] smbd/trans2.c:call_trans2setfilepathinfo(3621) actime: Wed Apr 2 13:00:00 2003 modtime: Thu Jan 1 01:00:00 1970 size: 4952 dosmode: a0 [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(283) dos_mode: bootfont.bin [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning ra [2004/11/09 17:02:02, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning ra [2004/11/09 17:02:02, 10] smbd/trans2.c:call_trans2setfilepathinfo(3678) call_trans2setfilepathinfo: file bootfont.bin : setting dos mode a0 [2004/11/09 17:02:02, 10] smbd/dosmode.c:file_set_dosmode(340) file_set_dosmode: setting dos mode 0xa0 on file bootfont.bin [2004/11/09 17:02:02, 2] smbd/trans2.c:call_trans2setfilepathinfo(3681) file_set_dosmode of bootfont.bin failed (No data available) [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(105) error string = No data available [2004/11/09 17:02:02, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(3682) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED -Ursprüngliche Nachricht- Von: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 9. November 2004 15:16 An: Beschorner Daniel Cc: '[EMAIL PROTECTED]' Betreff: Re: [Samba] Permissions problem with 3.0.8 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Beschorner Daniel wrote: | Since 3.0.8 we have a file permission problem (group related???). | I didn't take a closer look at it, our production environment went | back to 3.0.7. | | symptoms: certain files can't be recreated/deleted, but group rights should | allow it. | | 3.0.7 works fine. We'll need a lot more information. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkNEaIR7qMdg1EfYRAm3ZAJ9OusYDoQOvA8a/hglSsrn+ctw6DQCg6ugq Ty8XyPgZBQb24C+qVMpFmpk= =p3FL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions problem with 3.0.8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Beschorner Daniel wrote: | Since 3.0.8 we have a file permission problem (group related???). | I didn't take a closer look at it, our production environment went back to | 3.0.7. | | symptoms: certain files can't be recreated/deleted, but group rights should | allow it. | | 3.0.7 works fine. We'll need a lot more information. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBkNEaIR7qMdg1EfYRAm3ZAJ9OusYDoQOvA8a/hglSsrn+ctw6DQCg6ugq Ty8XyPgZBQb24C+qVMpFmpk= =p3FL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions problem with 3.0.8
Since 3.0.8 we have a file permission problem (group related???). I didn't take a closer look at it, our production environment went back to 3.0.7. symptoms: certain files can't be recreated/deleted, but group rights should allow it. 3.0.7 works fine. Daniel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions problem...I must be overlooking *something*...
Hi, I nearly have the same problem as David. I have a share: [forall] path = /home/data/forall read only = yes write list = Administrator, @lehrer, @domadm, @verwaltung force user = root force group = staff create mask = 0664 directory mask = 0775 and rwxrwxr-x9 root staff 4096 Jul 27 12:42 forall Neither Administrator nor any of the given group members are allowed to create any files in this path. But, when I remove the "force *" attributes everything works like expected... except the owner/group is not set, of course. I could be wrong, but this problems occurs firstly when I started to migrate to samba 3.0.4 (and now 3.0.5). In an environment with samba 3.0.2a (and below) this is working. The logs only tell me, that this is a read-only share and it is not possible to write to. I use Samba as PDC with LDAP backend also for posix accounts. David, did you solve your problem already? Thanks for any help, Patrick -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Permissions problem...I must be overlooking *somethin g*...
> -Original Message- > From: Mike Stewart [mailto:[EMAIL PROTECTED] > Hi, just a thought > > Are the LINUX permissions on the directory set correctly ? > Make sure it's > owned by your group, I got caught out by that a few times > when I created a > new directory as "root" and then tried to share it for "users" The directory is owned by "INTERCLEAN+Domain Admins". I finally gave up and set the user ownership to myself...it works now for me, which is enough for now, since currently I'm the only active domain admin. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions problem...I must be overlooking *something*...
Hi, just a thought Are the LINUX permissions on the directory set correctly ? Make sure it's owned by your group, I got caught out by that a few times when I created a new directory as "root" and then tried to share it for "users" Mike - Original Message - From: "David Brodbeck" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, July 13, 2004 4:56 PM Subject: RE: [Samba] Permissions problem...I must be overlooking *something*... > > -Original Message- > > From: Mark Lidstone [mailto:[EMAIL PROTECTED] > > > You've probably only put them in because of the problem you're having, > > but "writeable/writable" and "read only" are actually the same setting > > but reversed. E.g. "writeable/writable = yes" is the same as > > "read only > > = no". Therefore you only need to put one or the other. > > Yes, I know. I originally only had writable = yes, but I added the other > out of frustration with Samba insisting the share is read-only. > > > Anyway, onto my suggestion. Have you restarted samba since > > you made the > > share writeable? > > Yes, I sent the HUP signal to the daemon to tell it to re-load its > configuration file. > > > Also, if you're forcing group "INTERCLEAN+Domain Admins" and setting > > "valid users" to the same, won't everyone be able to write to > > the share > > as a domain admin? > > Would they? I figured only Domain Admins would be allowed to access the > share at all, then the "force group" would take effect after that. I took > the "force group" line out, but it made no difference, I still can't create > any files. > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.712 / Virus Database: 468 - Release Date: 28/06/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Permissions problem...I must be overlooking *somethin g*...
> -Original Message- > From: Mark Lidstone [mailto:[EMAIL PROTECTED] > You've probably only put them in because of the problem you're having, > but "writeable/writable" and "read only" are actually the same setting > but reversed. E.g. "writeable/writable = yes" is the same as > "read only > = no". Therefore you only need to put one or the other. Yes, I know. I originally only had writable = yes, but I added the other out of frustration with Samba insisting the share is read-only. > Anyway, onto my suggestion. Have you restarted samba since > you made the > share writeable? Yes, I sent the HUP signal to the daemon to tell it to re-load its configuration file. > Also, if you're forcing group "INTERCLEAN+Domain Admins" and setting > "valid users" to the same, won't everyone be able to write to > the share > as a domain admin? Would they? I figured only Domain Admins would be allowed to access the share at all, then the "force group" would take effect after that. I took the "force group" line out, but it made no difference, I still can't create any files. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Permissions problem...I must be overlooking *something*...
Hi David, First of all I'll suggest the obvious (probably not your problem here, but it's worth a shot). You've probably only put them in because of the problem you're having, but "writeable/writable" and "read only" are actually the same setting but reversed. E.g. "writeable/writable = yes" is the same as "read only = no". Therefore you only need to put one or the other. If you stick to only using one it can make your smb.conf easier to read. This won't be causing the problem, it's just a bit of "config file snobbery" ;) Anyway, onto my suggestion. Have you restarted samba since you made the share writeable? Also, if you're forcing group "INTERCLEAN+Domain Admins" and setting "valid users" to the same, won't everyone be able to write to the share as a domain admin? Seems a bit like a security risk to me, but then I'm sure you've a good reason why you've done this. I hope this helps, Mark Lidstone IT and Network Support Administrator BMT SeaTech Ltd Grove House, Meridians Cross, 7 Ocean Way Ocean Village, Southampton. SO14 3TJ. UK Tel: +44 (0)23 8063 5122 Fax: +44 (0)23 8063 5144 E-Mail: mailto:[EMAIL PROTECTED] Website: www.bmtseatech.co.uk == Confidentiality Notice and Disclaimer: The contents of this e-mail and any attachments are intended only for the use of the e-mail addressee(s) shown. If you are not that person, or one of those persons, you are not allowed to take any action based upon it or to copy it, forward, distribute or disclose the contents of it and you should please delete it from your system. BMT SeaTech Limited does not accept liability for any errors or omissions in the context of this e-mail or its attachments which arise as a result of Internet transmission, nor accept liability for statements which are those of the author and not clearly made on behalf of BMT SeaTech Limited. == -Original Message- From: David Brodbeck [mailto:[EMAIL PROTECTED] Sent: 13 July 2004 15:56 To: '[EMAIL PROTECTED]' Subject: [Samba] Permissions problem...I must be overlooking *something*... I have a share I can't seem to create files on, and I can't figure out why. I get "Access denied" from Windows, and the samba log shows this: [2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293) open_directory: failing create on read-only share [2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293) open_directory: failing create on read-only share The share has the following definition: [webfiles] path = /var/www force group = "INTERCLEAN+Domain Admins" valid users = @"INTERCLEAN+Domain Admins" writable = yes read only = no Here are the permissions on /var/www: # file: www # owner: root # group: INTERCLEAN+Domain Admins user::rwx group::rwx other::r-x I'm in the Domain Admins group. Why doesn't this work? I'm sure there's something silly I'm overlooking, but I can't see what it is right now. --- David Brodbeck, System Administrator InterClean Equipment, Inc. 3939 Bestech Drive Suite B Ypsilanti, MI 48197 (734) 975-2967 x221 (734) 975-1646 (fax) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions problem...I must be overlooking *something*...
I have a share I can't seem to create files on, and I can't figure out why. I get "Access denied" from Windows, and the samba log shows this: [2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293) open_directory: failing create on read-only share [2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293) open_directory: failing create on read-only share The share has the following definition: [webfiles] path = /var/www force group = "INTERCLEAN+Domain Admins" valid users = @"INTERCLEAN+Domain Admins" writable = yes read only = no Here are the permissions on /var/www: # file: www # owner: root # group: INTERCLEAN+Domain Admins user::rwx group::rwx other::r-x I'm in the Domain Admins group. Why doesn't this work? I'm sure there's something silly I'm overlooking, but I can't see what it is right now. --- David Brodbeck, System Administrator InterClean Equipment, Inc. 3939 Bestech Drive Suite B Ypsilanti, MI 48197 (734) 975-2967 x221 (734) 975-1646 (fax) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions problem
I am having problems settings permissions on files or directories. I am running Samba 3.0.4 with domain logins. Let's say that I have a share where everyone in the domain has access to it but there are a couple of files in that share that only two of the people in the domain need access to them. With my old NT domain, I could right-click on the files and change the security settings. Whenever I try to modify the files security settings, I get an Access is denied message. I am logging into the domain with admin privledges. So does this mean I have to either: a) create a new share just for these two people? or b) create a group for these two people and chgrp the files to this newly created group? or c) change some settings on my server because I should be able to modify a files security settings? Thanks, Doug -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions Problem using ADS
I am running Samba 3.0.3 on a Red Hat Linux 9 server (Intel based). I am using the procedures outlined in a document found at http://de.samba.org/samba/docs/man/unixclients.html. My Samba server is to be a Member Server in a W2K Active Directory (AD) domain. The procedures for this begin on page 13. I perform all steps outlined and get similar results. On the Samba server, I created a folder called /shares/test and, using SWAT, shared it with the share name of admin. Below is a copy of my smb.conf file: # Samba config file created using SWAT # from 192.168.2.201 (192.168.2.201) # Date: 2004/05/03 10:26:12 # Global parameters [global] unix charset = LOCALE workgroup = CALRCO realm = LRCO.LRC netbios name = SAMBA security = ADS password server = 192.168.2.190 username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 wins server = 192.168.2.247, 192.168.2.240 ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template primary group = template shell = /bin/bash path = /shares/admin [printers] comment = SMB Print Spool path = /var/spool/samba guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers admin users = root, Administrator write list = root [admin] comment = Lyman Richey Corporation path = /shares/test valid users = '@CALRCO\Domain Admins', @admin write list = '@CALRCO\Domain Admins', @admin read only = No create mask = 0777 directory mask = 0777 map acl inherit = Yes follow symlinks = No I run Active Directory Users and Computers and can see the Samba server. I can right-click on it and click Manage. When I go to manage the shares, I get the following error: Microsoft Management Console The system encountered the following errors while reading the list of shares: Error 5: Access is Denied. When I browse for the share as admin from the domain controller or any other domain member, I am prompted to login. What am I doing wrong? Regards, Allen Miller Network Administrator Lyman-Richey Corporation 402-558-2727 mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions problem
I have setup samba and also winbind and have joined an active directory. That part as worked and i can see domain users etc connected and the samba machine can list domain users. However when i right click on a folder in windows and then select permissions then the option to select domain users is greyed out and it is defaulted to the samba machine users. Please could someone tell me how i can select domain users to give more people access to the folder. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Permissions problem
What is happening here is how the permissions are setup when the file is created. You will need to change that. Those settings can be found by the following: 1. Go to the SWAT tool. 2. Click on the "Shares" button. 3. Choose the Share. Click on the "Advance View" button. 4. Look under the Security Section. You will see several called "Create Mask" and "Force Create Mask", etc. The two I just listed are the ones you are interested in. This is the bitmap set to the file when the user creates it. You need it to match what you want. If you look through the help it explains each one in great detail. If you have any other questions, let me know. Art Powell Adalante Network Solutions Inc. 9410-C Anderson Mill Road Austin, TX 78729 Off: 1-512-918-2672 Cel: 1-512-633-7577 -Original Message- From: Madison Kelly [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 9:55 AM To: [EMAIL PROTECTED] Subject: [Samba] Permissions problem Hi everyone (oh yeah, and I am new to the list but have a little Samba experience). I have a Samba 3.0.1 install on a Fedora Core 1 (.2138 kernel non-smp - not that it should matter for this). I have created a group called "osla" for the users in my domain and I have Samba working properly as a PDC, or at least properly in so far as I can join clients to the server, run scripts and so forth. I am using the simple 'smbpasswd' backend and have made sure that users are members of the "osla" group and that their passwords are the same as the Linux 'passwd' passwords. Finally, I chown'ed all the files and folders in the 'public' share to 'root:osla' and then chmod'ed all of the same files to '775'. My problem is that when the user runs a program from their workstation that needs to write to the public share it fails saying that it has insufficient permissions (ie: Quickbooks; app is on the client PC but the data file is on the Samba share). If I then chmod the effected file to '777' and the program suddenly works. Oh, the workstations are all Wind2k Pro SP4 machines. The best I can guess is that despite the user being logged in and a member of "osla" the program must be running under another credential. Am I right here? Users manually can create, delete and edit folders and files and apps like MS Office can open and edit files. Can anyone point me to what may be wrong and perhaps suggest a better way to resolve the problem without chmod'ing directories and files 777? Many thanks!! Madison -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions problem
Hi everyone (oh yeah, and I am new to the list but have a little Samba experience). I have a Samba 3.0.1 install on a Fedora Core 1 (.2138 kernel non-smp - not that it should matter for this). I have created a group called "osla" for the users in my domain and I have Samba working properly as a PDC, or at least properly in so far as I can join clients to the server, run scripts and so forth. I am using the simple 'smbpasswd' backend and have made sure that users are members of the "osla" group and that their passwords are the same as the Linux 'passwd' passwords. Finally, I chown'ed all the files and folders in the 'public' share to 'root:osla' and then chmod'ed all of the same files to '775'. My problem is that when the user runs a program from their workstation that needs to write to the public share it fails saying that it has insufficient permissions (ie: Quickbooks; app is on the client PC but the data file is on the Samba share). If I then chmod the effected file to '777' and the program suddenly works. Oh, the workstations are all Wind2k Pro SP4 machines. The best I can guess is that despite the user being logged in and a member of "osla" the program must be running under another credential. Am I right here? Users manually can create, delete and edit folders and files and apps like MS Office can open and edit files. Can anyone point me to what may be wrong and perhaps suggest a better way to resolve the problem without chmod'ing directories and files 777? Many thanks!! Madison -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba permissions problem
Hi, I am a newbie here. I am runnning Samba 2.2.3a which act as a NT workstation connecting to CNS-NT domain. When I tried to connect to Samba, \\Bigred\home is not accessible, you might not have permission to use this network resource. Any help is greatly appreciated. -Paul Hong Samba Newbie. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba permissions problem
--- juan <[EMAIL PROTECTED]> wrote: > Here is the situation. I have setup a samba server > to authenticate against > Active Directory. I have created a group under my > linux server and created > all the accounts that need to access the share on > the samba server. I gave > the group the rights to the samba share, but when a > user adds to the share a > file or directory and I view the permissions under > linux the owner of that > new file, or directory is not the group anymore, its > the creator. which > creates a big problem because the group needs total > access to any directory > under the share and needs to have full access which > I setup intially but > when a user in the group creates a file he or she > own it and other users can > write to that directory. This involves a basic but obscure feature of Unix security I didn't learn about until recently: Set Group ID (sgid) on directories. New files and directories created inside it inherit the group ID, and anyone in that group will automatically share permissions. You first chmod all directories (NOT files) in your share: find /path/to/share -type d -print0 | xargs -0 chmod g+s Explanation: find = the find command, which finds files matching criteria /path/to/share = any directory where you want to apply inheritence -type d = Directories -print0 = Print with no newlines, for xargs to read | = run this command on the output xargs = run a command on each line input -0 = data comes in with no newlines chmod = change mode g+rwxs = read, write, execute (browse), and set group id Then you chgrp all files: chgrp -R /path/to/share Explanation: chgrp = change group of the files/folders -R = Recursive Finally, add members to your group: gpasswd -a Explanation: gpasswd = the group password command, but we're not setting a password here -a = Add Have the users log out and back in again to take effect. >From then on, all files created in that directory will be in the same group. The user doesn't truly matter, as long as you have at least ---r-x--- for group read-only directories, ---rwx--- for group writeable directories, ---r- for group readable files, ---rw for group writeable files. At least those permissions. You could then safely remove "other" permissions to prevent a breech in security, as everyone should be in that group to have access. This is also useful with Winbind and "winbind use default domain = yes" in smb.conf. I can create a group: groupadd smbwrite Add some users from my NT domain into it: for USER in chris steve mike; do gpasswd -a $USER smbwrite done Set my permissions: find /share/mis -type d -print0 | xargs -0 chmod g+s And then set the group ID: chgrp -R smbwrite /share/mis Also, sgid is the 2 bit in the first number of octal permissions (e.g. chmod 2770 some_directory). Don't forget to have your users log out before trying, and good luck. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba permissions problem
Here is the situation. I have setup a samba server to authenticate against Active Directory. I have created a group under my linux server and created all the accounts that need to access the share on the samba server. I gave the group the rights to the samba share, but when a user adds to the share a file or directory and I view the permissions under linux the owner of that new file, or directory is not the group anymore, its the creator. which creates a big problem because the group needs total access to any directory under the share and needs to have full access which I setup intially but when a user in the group creates a file he or she own it and other users can write to that directory. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba permissions problem
Here is the situation. I have setup a samba server to authenticate against Active Directory. I have created a group under my Linux server and created all the accounts that need to access the share and placed them in the Linux group on the samba server. I gave the group full rights to the samba share, but when a user from the group adds to the samba share a file or directory he or she now owns the file or new directory, and if another user tries to add to the file or create a file or another directory under the new created file or directory the user gets permission denied and I have to re-apply the permissions from the root of the samba share so the group owns everything again and not individual users. How can I setup the share so only the group owns it no matter what user in the group adds to the share. Thank you, Juan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba permissions problem
Here is the situation. I have setup a samba server to authenticate against Active Directory. I have created a group under my Linux server and created all the accounts that need to access the share and placed them in the Linux group on the samba server. I gave the group full rights to the samba share, but when a user from the group adds to the samba share a file or directory he or she now owns the file or new directory, and if another user tries to add to the file or create a file or another directory under the new created file or directory the user gets permission denied and I have to re-apply the permissions from the root of the samba share so the group owns everything again and not individual users. How can I setup the share so only the group owns it no matter what user in the group adds to the share. Thank you, Juan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Permissions problem
Did u set "encrypt passwords" smb.conf option to yes? Did you set the password using 'smbpasswd -a command? Can you attach a levlel 10 log file. - Ranjit -Original Message- -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Thabu PienaarSent: Thursday, December 05, 2002 2:07 PMTo: [EMAIL PROTECTED]Subject: [Samba] Permissions problem Help Please When I try to connect from Win XP Pro to my Samba Server, I get this error... "Samba is not accessible. You might not have permissiont o use this network resource." (attached error gif). I have a smbpasswd file created from /etc/passwd, configured exactly like my XP username and password. Thanks Thabu Pienaar*ComputerNetWitrivier / White RiverSuid-Afrika / South Africa+27 (0) 83 349-6588
[Samba] Permissions problem
Help Please When I try to connect from Win XP Pro to my Samba Server, I get this error... "Samba is not accessible. You might not have permissiont o use this network resource." (attached error gif). I have a smbpasswd file created from /etc/passwd, configured exactly like my XP username and password. Thanks Thabu Pienaar*ComputerNetWitrivier / White RiverSuid-Afrika / South Africa+27 (0) 83 349-6588 <>
Re: [Samba] SaMBa permissions problem
set a directory mask of 775 see the samba docs... This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories. When a directory is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may be thought of as a bit-wise MASK for the UNIX modes of a directory. Any bit not set here will be removed from the modes set on a directory when it is created. The default value of this parameter removes the 'group' and 'other' write bits from the UNIX mode, allowing only the user who owns the directory to modify it. Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the force directory mode parameter. This parameter is set to 000 by default (i.e. no extra mode bits are added). Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce a mask on access control lists also, they need to set the directory security mask. See the force directory mode parameter to cause particular mode bits to always be set on created directories. See also the create mode parameter for masking mode bits on created files, and the directory security mask parameter. Also refer to the inherit permissions parameter. Default: directory mask = 0755 Example: directory mask = 0775 On Wed, 2002-10-02 at 18:28, Filipe Joel de Almeida wrote: > Hi, > > > > I'm having a slight problem with samba permissions. > > > > Here goes my scenario: > > > > Red Hat Linux 8.0 with samba > > > > I got a samba share "public" > > > > Users can access the share and write there what they need, but if a user > creates a directory, other users can't access it. > > > > How can I configure things so that everyone in the group accesses > everything in the share? > > > > Filipe Joel de Almeida > > Network Consultant > > [EMAIL PROTECTED] > > Mobile: +351 967819600 > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SaMBa permissions problem
Hi, I’m having a slight problem with samba permissions. Here goes my scenario: Red Hat Linux 8.0 with samba I got a samba share “public” Users can access the share and write there what they need, but if a user creates a directory, other users can’t access it. How can I configure things so that everyone in the group accesses everything in the share? Filipe Joel de Almeida Network Consultant [EMAIL PROTECTED] Mobile: +351 967819600