Re: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Well, this problema is resolved... I just make my shares out of my /home directory... thanx guys for all tips and solutions... Flávio Henrique - Original Message - From: Flávio Henrique To: [EMAIL PROTECTED] Sent: Thursday, May 06, 2004 3:08 PM Subject: [newbie] I'm losting my samba's shares after some time... permission denied... help plz. Hi guys! I made some shares here through samba 2.2.8 and put the permissions in this share like this: 'chmod -R 777 /share', to make sure that all users will open... and everything goes fine... but after some time, nobody can access the share... so, I open the log in /var/log/samba/log.user, i.e., and I can see the problem: "Can't chage the directory to /share (Permission denied)" but the permission is 777, like I said before... the share only works again if I type 'chmod -R 777 /share' again... this is the only reason that I can not change definitely my server... plz, someone have a hint for this ?? thanx Flávio Henrique
RE: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Hi, Do you have wins support = yes in the [global] section of /etc/samba/smb.conf ? os level = 33 domain master = yes preferred master = yes local master = yes wins support = yes domain logons = yes Configure all PC's to use the linux box's IP address as their WINS server and only use the TCP/IP protocol on the PC. (Remove NetBeui protocol). Are these PC's in the same workgroup as the linux machine? Samba - cups printing is kinda boinked on my system right now, so I can't really help you on that one. Bill Shirley -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Flávio Henrique Sent: Tuesday, May 11, 2004 11:33 AM To: [EMAIL PROTECTED] Subject: Re: [newbie] I'm losting my samba's shares after some time... permission denied... help plz. Bill, I'm happy to say you that works... I create my directories shares out of my /home and works... But now I got another problem... All my win98 clients see their neighborhood area empty... no itens but the network is there and works fine... all users is working... if they hit \\server, e.g., the windows explorer opens it fine.. some clue ?? and, maybe, this is the reason too, that my users can't print in any shared printer... all shared printer goes offline.. everytime... I thank you one more time.. Flávio Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
RE: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Hi Bill, thanx for your reply... Hi, Do you have wins support = yes in the [global] section of /etc/samba/smb.conf ? os level = 33 domain master = yes preferred master = yes local master = yes wins support = yes domain logons = yes yes.. I have this entries in my smb.conf, but do not work... Configure all PC's to use the linux box's IP address as their WINS server and only use the TCP/IP protocol on the PC. (Remove NetBeui protocol). Ok... Are these PC's in the same workgroup as the linux machine? Yes... but I'm trying to resolve other problem (the printers) right now... the problem with neighborhood network is secundary (I can avoid this mapping some drivers with netlogon) Samba - cups printing is kinda boinked on my system right now, so I can't really help you on that one. that's ok... I already make some progress here :) I can install a network printer in my Linux server, print and share it with samba, and I can install it in a client win98... I just must know why the client can't print through this printer.. thanx for all Bill Shirley Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Flávio Henrique wrote: Bill, I'm happy to say you that works... I create my directories shares out of my /home and works... But now I got another problem... All my win98 clients see their neighborhood area empty... no itens but the network is there and works fine... all users is working... if they hit \\server, e.g., the windows explorer opens it fine.. some clue ?? and, maybe, this is the reason too, that my users can't print in any shared printer... all shared printer goes offline.. everytime... I thank you one more time.. Flávio Do you have more then one protocal installed on the Windows machines? If you are using more then TCP/IP, you can run into a problem of having more then one master browser for the workgroup. If the election of the master browser takes place using a protocal other then TCP/IP, the Samba servers do not take part. So Samba isn't talking to to the machine that the Windows machines are using for a master browser, and do not apear in the neighborhood. Mikkel -- Do not meddle in the affairs of dragons, for you are crunchy and taste good with Ketchup! Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Bill, I'm happy to say you that works... I create my directories shares out of my /home and works... But now I got another problem... All my win98 clients see their neighborhood area empty... no itens but the network is there and works fine... all users is working... if they hit \\server, e.g., the windows explorer opens it fine.. some clue ?? and, maybe, this is the reason too, that my users can't print in any shared printer... all shared printer goes offline.. everytime... I thank you one more time.. Flávio Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Bill, I would like to thank you again... well, I would run ls -ld /share/docs before doing 'chmod -R 750 /share/docs' to see if the permissions had been changed. Also, I you should use 2770 as the permissions. 2xxx sets the sticky bit which means all files/directories created in this directory will have the group of this directory. the permission changed right... no problem with this... Ok.. I will use 2xxx permission... I did not understood what means this '2' I do not see /share/docs in your smb.conf. I see /home/docs and /home/c. Where you put the share is important as far as msec is concerned. I just create the share directory with another name... but using yours instructions... There are five security levels for msec. I am using security level 3 for msec: [EMAIL PROTECTED] msec]# cat /etc/sysconfig/msec META_CLASS=PowerPack SECURE_LEVEL=3 CLASS=expert UMASK_ROOT=027 UMASK_USER=022 TMOUT=0 My security level is 3, and my msec file have this: UMASK_ROOT=022 SECURE_LEVEL=3 UMASK_USER=022 TMOUT=0 which means that msec will use /usr/share/msec/perm.3 as the control file for setting permissions. If you use SECURE_LEVEL=2, then examine /usr/share/msec/perm.2 and so on. Let us assume you are level 3. Examine /usr/share/msec/perm.3. Do you see the lines: /home/root.root 755 /home/* current 711 yes they are there... msec will decrease the permissions on /home to at most 755. However, I think the next line is biting you. msec will set the permissions on all directories off of /home to at most 711. Therefore, if /home/docs is where you put the directory, msec is clobbering the permissions. If you move /home/docs to /home/shares/docs then the permissions will not be affected. This is what I would reccomend. hmmm... this is great! I, personally, use: [EMAIL PROTECTED] msec]# ls -ld /lan /lan/shares /lan/shares/Apps drwxr-xr-x 9 root root 4096 Jul 26 2003 /lan/ drwxr-x--x 23 bill smbusers 4096 Apr 30 00:08 /lan/shares/ drwxrwsr-x 12 bill smbusers 4096 Jun 30 2003 /lan/shares/Apps/ [Apps] comment = Windows/MS-DOS applications (r/w) path = /lan/shares/Apps browseable = yes guest ok = yes writeable = no write list = @smbusers create mask = 771 directory mask = 770 map hidden = yes map system = yes map archive = yes available = yes smbusers is the group that I put all samba users in. It is not affected by msec: /root.adm755 which would affect /share, or by: /home/* current 711 which would affect /home/docs. msec is sometimes a pain, but I am learning to live with it. I haven't disabled msec in the far chance that if my system ever gets compromized, msec may help me. HTH, Bill Shirley I will try to create the directories in /home/shares/docs to see what happens... when I install Mandrake, I create a partition for each /, /home, /usr, /var, /tmp directories, to avoid lost data in some crash... so maybe creating my shares directories in another partition than /home resolve this problem (?) I will try your hints and will let you know... Thank you again. Flávio Henrique Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Yes, msec will mess your permissions up on /share. I will show you how to do this for the samba share docs that is accessable by docusers. You already have /share so as root cd /share chown root.root . chmod 755 . groupadd docusers mkdir -m 2770 docs chown root.docusers docs add this to smb.conf [Docs] comment = share for docusers path = /share/docs browseable = no guest ok = no valid users = @docusers writeable = yes create mask = 771 directory mask = 770 map hidden = yes map archive = yes map system = yes available = yes now edit /etc/group and find the entry for docusers docusers:x:499: [Note, the number may be different. That's ok.] now add the users that you want to be able to access this share to this line and save your changes docusers:x:499:user1,user2,user4 After saving the changes, then finally do a: service smb reload Your users may have to log off and back on before they can map the drive. They won't see the share in Network Neighborhood because we set browesable = no. Change it to yes if needed. If you make a change you must do: service smb reload and they MAY need to log off and back on to see your change. Each file or directory created in /share/docs will be owned by the user that created it and have the group of docusers. All members of group docusers can edit/delete files/directories. Hope this helps, Bill Shirley Bill... very thanx for this help... now I learn more about some permissions issues... I did everything what you said... create the /share, the /docs, the permissions, etc... while I was copying some files, from a win98 client machine to my new /share/docs directory, I was testing in another win98 client machine to see if I could see the files in /share/docs and I seeing... all goes fine... BUT after some minutes, in this same machine (that I was able to see the files), the share is broken again... I can't see the content of share... I can see the share but is like I haven't the right permission So, the /share/docs only works again if I type 'chmod -R 750 /share/docs' again in shell.. maybe some information mine helps... above is my smb.conf.. I'm using Samba to autenticate the users in domain... and the autentication is fine... the users logins without problems... I don't know if I'm saying right, but I'm using two networks one where the users is working (all machines win98, workgroup=PROVENDA, ip fixed) other (?) with my linux server is running a samba with workgroup=PROV and just one machine within this workgroup (to tests the /shares) the files that I was copying was located in a machine in workgroup=PROVENDA, that I was monted throug LinNeighborhood... Plz Bill... any comments??? (the directory name was changed, like you can see, ok? but I think this is no the problem...) Thanx for everything... My smb.conf # Samba config file created using SWAT # from localhost (127.0.0.1) # Date: 2004/05/07 18:12:37 # Global parameters [global] workgroup = PROV netbios name = HOST server string = Samba Server %v encrypt passwords = Yes map to guest = Bad User log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups domain logons = Yes os level = 0 preferred master = Yes domain master = Yes dns proxy = No printer admin = @adm printing = cups [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. browseable = No [print$] path = /var/lib/samba/printers write list = @adm root guest ok = Yes [pdf-generator] comment = PDF Generator (only valid users) path = /var/tmp printable = Yes print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I [pdf-screen] comment = PDF Generator - Screen quality (only valid users) path = /var/tmp printable = Yes print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I %S copy = pdf-generator [pdf-printer] comment = PDF Generator - Print quality (only valid users) path = /var/tmp printable = Yes print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I %S copy = pdf-generator [pdf-prepress] comment = PDF Generator - PrePress quality (only valid users) path = /var/tmp printable = Yes print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I %S copy = pdf-generator [Documentos] comment = share for docusers path = /home/docs browseable = yes guest ok = no valid users = @colaboradores writeable = yes create mask = 771 directory mask = 770 map hidden = yes map archive = yes map system = yes available = yes [c] comment = diretorio raiz do sistema path = /home/c browseable = yes guest ok = no valid users =
Re: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Yes, msec will mess your permissions up on /share. I will show you how to do this for the samba share docs that is accessable by docusers. You already have /share so as root cd /share chown root.root . chmod 755 . groupadd docusers mkdir -m 2770 docs chown root.docusers docs add this to smb.conf [Docs] comment = share for docusers path = /share/docs browseable = no guest ok = no valid users = @docusers writeable = yes create mask = 771 directory mask = 770 map hidden = yes map archive = yes map system = yes available = yes now edit /etc/group and find the entry for docusers docusers:x:499: [Note, the number may be different. That's ok.] now add the users that you want to be able to access this share to this line and save your changes docusers:x:499:user1,user2,user4 After saving the changes, then finally do a: service smb reload Your users may have to log off and back on before they can map the drive. They won't see the share in Network Neighborhood because we set browesable = no. Change it to yes if needed. If you make a change you must do: service smb reload and they MAY need to log off and back on to see your change. Each file or directory created in /share/docs will be owned by the user that created it and have the group of docusers. All members of group docusers can edit/delete files/directories. Hope this helps, Bill Shirley Maybe this helps... seems this happens only if the conection is idle for some time... If I keep working in the client machine, the /share/docs works without problems thanx Flávio Henrique Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
[newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Hi guys! I made some shares here through samba 2.2.8 and put the permissions in this share like this: 'chmod -R 777 /share', to make sure that all users will open... and everything goes fine... but after some time, nobody can access the share... so, I open the log in /var/log/samba/log.user, i.e., and I can see the problem: "Can't chage the directory to /share (Permission denied)" but the permission is 777, like I said before... the share only works again if I type 'chmod -R 777 /share' again... this is the only reason that I can not change definitely my server... plz, someone have a hint for this ?? thanx Flávio Henrique
Re: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Flávio Henrique wrote: Hi guys! I made some shares here through samba 2.2.8 and put the permissions in this share like this: 'chmod -R 777 /share', to make sure that all users will open... and everything goes fine... but after some time, nobody can access the share... so, I open the log in /var/log/samba/log.user, i.e., and I can see the problem: Can't chage the directory to /share (Permission denied) but the permission is 777, like I said before... the share only works again if I type 'chmod -R 777 /share' again... this is the only reason that I can not change definitely my server... plz, someone have a hint for this ?? thanx Flávio Henrique It sounds like you have msec running along behind you cleaning up the permissions.. 777 is a dangerous permission and you shouldn't be suing it.. You are better off telling samba to use one user for all users.. and then set the files to 600 in the shares., (and change their owner and group to the owner and group that you have just set the share up to use.) Try something like this for a share: [myshare] comment = a test share path = /home/allusers force user = franki force group = franki public = no writable = yes printable = no Thats much better security then using open permissions.. -- rgds Frank Hauptle (aka Franki) For free scripts, online webmaster tools, HTML, XHTML, Perl PHP tutorials and stuff, visit: http://htmlfixit.com Free web developer resources. Please sign our petition to encourage notebook manufacturers to offer video card upgrades just like desktops. http://www.petitiononline.com/inspiron/petition.html Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Flávio Henrique wrote: Hi guys! I made some shares here through samba 2.2.8 and put the permissions in this share like this: 'chmod -R 777 /share', to make sure that all users will open... and everything goes fine... but after some time, nobody can access the share... so, I open the log in /var/log/samba/log.user, i.e., and I can see the problem: Can't chage the directory to /share (Permission denied) but the permission is 777, like I said before... the share only works again if I type 'chmod -R 777 /share' again... this is the only reason that I can not change definitely my server... plz, someone have a hint for this ?? thanx Flávio Henrique It sounds like you have msec running along behind you cleaning up the permissions.. I can't understand this... what's 'msec' ?? 777 is a dangerous permission and you shouldn't be suing it.. Yes, I know, but I use this just to see if the share it will be done... You are better off telling samba to use one user for all users.. and then set the files to 600 in the shares., (and change their owner and group to the owner and group that you have just set the share up to use.) Try something like this for a share: [myshare] comment = a test share path = /home/allusers force user = franki force group = franki public = no writable = yes printable = no But do your think this have relations with why my share is losting after some time? for explanation, I use my linux as a single machine in my network (without domain, just a workgroup) thanx Flávio Henrique Thats much better security then using open permissions.. -- rgds Frank Hauptle (aka Franki) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Flávio Henrique wrote: It sounds like you have msec running along behind you cleaning up the permissions.. I can't understand this... what's 'msec' ?? msec is a collection of security scripts that run nightly and tries to stop insecure practises.. stuff like open executable file permissions.. man msec will give you more info on that. 777 is a dangerous permission and you shouldn't be suing it.. Yes, I know, but I use this just to see if the share it will be done... Don't understand what you mean here.. you already know the share works, the question is why use it when there is a better way? You are better off telling samba to use one user for all users.. and then set the files to 600 in the shares., (and change their owner and group to the owner and group that you have just set the share up to use.) Try something like this for a share: [myshare] comment = a test share path = /home/allusers force user = franki force group = franki public = no writable = yes printable = no But do your think this have relations with why my share is losting after some time? Yes, I know, because I did the same thing long ago, and had the same problem.. you'll have other problems with multi user programs as well. (in australia we have a business accounting software package called MYOB, and if you use your method and multiple users access the file, it will always end up causing problems.) for explanation, I use my linux as a single machine in my network (without domain, just a workgroup) Thats fine, what my suggestion does, is make it such that any user on the network that writes or accesses a file in the share, uses the same user and group as everyone else on the network, meaning that all users have access, and they all use the same user/group.. that way the permissions on the files can be much lower then they are now, where the files are accessed by the login user they used. Trust me, it works great, I've been using it for ages. thanx Flávio Henrique Thats much better security then using open permissions.. -- rgds Frank Hauptle (aka Franki) For free scripts, online webmaster tools, HTML, XHTML, Perl PHP tutorials and stuff, visit: http://htmlfixit.com Free web developer resources. Please sign our petition to encourage notebook manufacturers to offer video card upgrades just like desktops. http://www.petitiononline.com/inspiron/petition.html Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
RE: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
Yes, msec will mess your permissions up on /share. I will show you how to do this for the samba share docs that is accessable by docusers. You already have /share so as root cd /share chown root.root . chmod 755 . groupadd docusers mkdir -m 2770 docs chown root.docusers docs add this to smb.conf [Docs] comment = share for docusers path = /share/docs browseable = no guest ok = no valid users = @docusers writeable = yes create mask = 771 directory mask = 770 map hidden = yes map archive = yes map system = yes available = yes now edit /etc/group and find the entry for docusers docusers:x:499: [Note, the number may be different. That's ok.] now add the users that you want to be able to access this share to this line and save your changes docusers:x:499:user1,user2,user4 After saving the changes, then finally do a: service smb reload Your users may have to log off and back on before they can map the drive. They won't see the share in Network Neighborhood because we set browesable = no. Change it to yes if needed. If you make a change you must do: service smb reload and they MAY need to log off and back on to see your change. Each file or directory created in /share/docs will be owned by the user that created it and have the group of docusers. All members of group docusers can edit/delete files/directories. Hope this helps, Bill Shirley -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of frankieh Sent: Thursday, May 06, 2004 6:53 PM To: [EMAIL PROTECTED] Subject: Re: [newbie] I'm losting my samba's shares after some time... permission denied... help plz. Flávio Henrique wrote: Flávio Henrique wrote: hmmm.. so this msec thing break the shares because is too risk ? I'm right ? is that what your mean ?? It doesn't break the share, it has nothing to do with samba at all. It seems the files that are writable and executable to everyone, and it changes them to safer permissions. in fact, the permission still displayed like dwrxwrxwrx for my share... but the users can access it... even that, I need to give 'chmod 777 /share' again to work... yes, but are the files still 777 Flávio Henrique Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com
Re: [newbie] I'm losting my samba's shares after some time... permission denied... help plz.
On Thursday 06 May 2004 03:52 pm, frankieh wrote: Flávio Henrique wrote: Flávio Henrique wrote: hmmm.. so this msec thing break the shares because is too risk ? I'm right ? is that what your mean ?? It doesn't break the share, it has nothing to do with samba at all. It seems the files that are writable and executable to everyone, and it changes them to safer permissions. in fact, the permission still displayed like dwrxwrxwrx for my share... but the users can access it... even that, I need to give 'chmod 777 /share' again to work... yes, but are the files still 777 Flávio Henrique My solution is to KILL G%^%$#$ msec. I HATE msec, because I know what permissions I want on my files and I don't want to be hand-held by any program. It is especially not necessary on a home network where everyone is (or should be) a trusted user. To kill msec so that it can't run, as root go to /usr/sbin and rename the msec executable to DISABLEmsec. Presto, no more permissions changes on shared folders. An added bonus is no more filling up of logs with msec messages. e. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com