Re: [Samba] Permissions problem...I must be overlooking *something*...

[Patrick Boettcher]

Hi,

I nearly have the same problem as David.

I have a share:

[forall]
   path = /home/data/forall
   read only   = yes
   write list  = Administrator, @lehrer, @domadm, @verwaltung
   force user  = root
   force group = staff
   create mask = 0664
   directory mask = 0775

and

rwxrwxr-x9 root staff   4096 Jul 27 12:42 forall

Neither Administrator nor any of the given group members are allowed to
create any files in this path.

But, when I remove the force * attributes everything works like
expected... except the owner/group is not set, of course.

I could be wrong, but this problems occurs firstly when I
started to migrate to samba 3.0.4 (and now 3.0.5). In an environment with
samba 3.0.2a (and below) this is working.

The logs only tell me, that this is a read-only share and it is not
possible to write to.

I use Samba as PDC with LDAP backend also for posix accounts.

David, did you solve your problem already?

Thanks for any help,

Patrick
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Permissions problem...I must be overlooking *something*...

[Mike Stewart]

Hi, just a thought

Are the LINUX permissions on the directory set correctly ? Make sure it's
owned by your group,  I got caught out by that a few times when I created a
new directory as root and then tried to share it for users

Mike

- Original Message - 
From: David Brodbeck [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 13, 2004 4:56 PM
Subject: RE: [Samba] Permissions problem...I must be overlooking
*something*...


  -Original Message-
  From: Mark Lidstone [mailto:[EMAIL PROTECTED]

  You've probably only put them in because of the problem you're having,
  but writeable/writable and read only are actually the same setting
  but reversed.  E.g. writeable/writable = yes is the same as
  read only
  = no.  Therefore you only need to put one or the other.

 Yes, I know.  I originally only had writable = yes, but I added the other
 out of frustration with Samba insisting the share is read-only.

  Anyway, onto my suggestion.  Have you restarted samba since
  you made the
  share writeable?

 Yes, I sent the HUP signal to the daemon to tell it to re-load its
 configuration file.

  Also, if you're forcing group INTERCLEAN+Domain Admins and setting
  valid users to the same, won't everyone be able to write to
  the share
  as a domain admin?

 Would they?  I figured only Domain Admins would be allowed to access the
 share at all, then the force group would take effect after that.  I took
 the force group line out, but it made no difference, I still can't
create
 any files.
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.712 / Virus Database: 468 - Release Date: 28/06/2004


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Permissions problem...I must be overlooking *something*...

[Mark Lidstone]

Hi David,

First of all I'll suggest the obvious (probably not your problem here,
but it's worth a shot).

You've probably only put them in because of the problem you're having,
but writeable/writable and read only are actually the same setting
but reversed.  E.g. writeable/writable = yes is the same as read only
= no.  Therefore you only need to put one or the other.  If you stick
to only using one it can make your smb.conf easier to read.  This won't
be causing the problem, it's just a bit of config file snobbery  ;)

Anyway, onto my suggestion.  Have you restarted samba since you made the
share writeable?

Also, if you're forcing group INTERCLEAN+Domain Admins and setting
valid users to the same, won't everyone be able to write to the share
as a domain admin?  Seems a bit like a security risk to me, but then I'm
sure you've a good reason why you've done this.

I hope this helps,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk

==
Confidentiality Notice and Disclaimer: 
The contents of this e-mail and any attachments are intended only for
the
use of the e-mail addressee(s) shown. If you are not that person, or one
of those persons, you are not allowed to take any action based upon it
or
to copy it, forward, distribute or disclose the contents of it and you
should please delete it from your system. BMT SeaTech Limited does not
accept liability for any errors or omissions in the context of this
e-mail
or its attachments which arise as a result of Internet transmission, nor
accept liability for statements which are those of the author and not
clearly made on behalf of BMT SeaTech Limited.

==
  

-Original Message-
From: David Brodbeck [mailto:[EMAIL PROTECTED] 
Sent: 13 July 2004 15:56
To: '[EMAIL PROTECTED]'
Subject: [Samba] Permissions problem...I must be overlooking
*something*...


I have a share I can't seem to create files on, and I can't figure out
why. I get Access denied from Windows, and the samba log shows this:

[2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293)
  open_directory: failing create on read-only share
[2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293)
  open_directory: failing create on read-only share

The share has the following definition:

[webfiles]
path = /var/www
force group = INTERCLEAN+Domain Admins
valid users = @INTERCLEAN+Domain Admins
writable = yes
read only = no

Here are the permissions on /var/www:

# file: www
# owner: root
# group: INTERCLEAN+Domain Admins
user::rwx
group::rwx
other::r-x

I'm in the Domain Admins group.  Why doesn't this work?  I'm sure
there's something silly I'm overlooking, but I can't see what it is
right now.

---

David Brodbeck, System Administrator
InterClean Equipment, Inc.
3939 Bestech Drive Suite B
Ypsilanti, MI 48197
(734) 975-2967 x221
(734) 975-1646 (fax)
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba