I have set up samba to be recognized on my NT/2K domain network and it does a great job with single user files. I have attempted to use the file system to hold network programs and have run into this problem. Some programs restrict the use of the program to one user;however, when installed on a 2K or NT server there is unlimited access.
This I think is a limitation of Unix. In NT we can assign any number of users and groups with varied rights to any group of files or folders. In UNIX you can only assign one user and one group to a set of files so either one person has control of the file, everyone in a group has control of the file, or the world has control of the file. I wish there was a better way to do this because I can think of special cases where you need to do more specific things for instance: I have a Linux web server. One of the directories I would like to have multiple users given Read/write control to so they can edit the web content. I'd like some of the directories to be read only to certain users and others to be read to everyone. I can't really think of an efficient way to do this with the UNIX OS, but it would be very simple under NT. -Dan -----Original Message----- From: Squires,Ron [mailto:squiresr@odem-edroy.k12.tx.us] Sent: Wednesday, February 06, 2002 10:04 AM To: samba@lists.samba.org Subject: [Samba] Only one user for a file I have set up samba to be recognized on my NT/2K domain network and it does a great job with single user files. I have attempted to use the file system to hold network programs and have run into this problem. Some programs restrict the use of the program to one user;however, when installed on a 2K or NT server there is unlimited access. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
This is a traditional limitation - however many filesystems support ACLs (Access Control Lists) which allow you to do permissions as you desire - with multiple users/groups getting a variety of access permissions. I am unsure what support there might be in samba for such implementations. -j On Wed, 6 Feb 2002, Thomas, Daniel J. wrote:> This I think is a limitation of Unix. In NT we can assign any number of > users and groups with varied rights to any group of files or folders. In > UNIX you can only assign one user and one group to a set of files so either > one person has control of the file, everyone in a group has control of the > file, or the world has control of the file. I wish there was a better way > to do this because I can think of special cases where you need to do more > specific things for instance:John Marquart | Experienced UNIX System Administrator 1-812-948-6699 | AIX, LINUX, TSM jomarqua@techie.com |
Umm, I may be wrong, but I think the issue of the original post is a file locking problem. That is, only 1 user at a time can run the network app off the Samba file share. On Wed, 6 Feb 2002, John Marquart wrote: This is a traditional limitation - however many filesystems support ACLs (Access Control Lists) which allow you to do permissions as you desire - with multiple users/groups getting a variety of access permissions. I am unsure what support there might be in samba for such implementations. -j On Wed, 6 Feb 2002, Thomas, Daniel J. wrote:> This I think is a limitation of Unix. In NT we can assign any number of > users and groups with varied rights to any group of files or folders. In > UNIX you can only assign one user and one group to a set of files so either > one person has control of the file, everyone in a group has control of the > file, or the world has control of the file. I wish there was a better way > to do this because I can think of special cases where you need to do more > specific things for instance:John Marquart | Experienced UNIX System Administrator 1-812-948-6699 | AIX, LINUX, TSM jomarqua@techie.com |
Actually, in my case the users is going to FTP in to the machine to upload or download web content. This is actually for a sort of club where there are officers who should have the ability to create and edit web content, club members who need to read certain member only content, and then certain other content should be open to read by any user. Maybe I can do this by creating a bunch of groups and assigning groups to certain folders? I'm not familiar with ACL's but I'll look into it. Thanks, -Dan -----Original Message----- From: Christian Barth [mailto:barth@cck.uni-kl.de] Sent: Wednesday, February 06, 2002 11:03 AM To: 'Squires,Ron'; samba@lists.samba.org; Thomas, Daniel J. Subject: RE: [Samba] Only one user for a file I'm not sure what you mean wit "restrict the use to one user". Do you mean if one user runs the application and an other one wants to start it simultaniously, he gets a permission denied? In this case I would try "locking = no" and a few other parameters for the share in smb.conf. Or do you mean only a certain user can run the application independend from what the other do? Than you may have to tune file and directory permissions. Does this application need to write to its files (ini's, locking, ...)> This I think is a limitation of Unix. In NT we can assign any number of > users and groups with varied rights to any group of files or folders. In > UNIX you can only assign one user and one group to a set of files soeither> one person has control of the file, everyone in a group has control of the > file, or the world has control of the file. I wish there was a better way > to do this because I can think of special cases where you need to do more > specific things for instance: > I have a Linux web server. One of the directories I would like to have > multiple users given Read/write control to so they can edit the webcontent.> I'd like some of the directories to be read only to certain users andothers> to be read to everyone. I can't really think of an efficient way to dothis> with the UNIX OS, but it would be very simple under NT.With Unix users and groups you can be very tricky, and if you do not maind to set up a couple of groups everything commonly needed can be done. Or, a last in my experience: It can be done more than the normal user wants to use actively (to my option file permissions of data is user stuff not admin work). If you realy run out of possiblities you can set up ACL'a on Unix to. Christian> -Dan > > -----Original Message----- > From: Squires,Ron [mailto:squiresr@odem-edroy.k12.tx.us] > Sent: Wednesday, February 06, 2002 10:04 AM > To: samba@lists.samba.org > Subject: [Samba] Only one user for a file > > > I have set up samba to be recognized on my NT/2K domain network and itdoes> a great job with single user files. I have attempted to use the filesystem> to hold network programs and have run into this problem. Some programs > restrict the use of the program to one user;however, when installed on a2K> or NT server there is unlimited access. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >_(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Thomas, On Wed, 6 Feb 2002 10:43:51 -0500, Thomas, Daniel J. wrote:>This I think is a limitation of Unix. In NT we can assign any number >of users and groups with varied rights to any group of files or >folders. In UNIX you can only assign one user and one group to a set >of files so either one person has control of the file, everyone in a >group has control of the file, or the world has control of the file. >I wish there was a better way to do this because I can think of >special cases where you need to do more specific things for instance:>I have a Linux web server. One of the directories I would like to >have multiple users given Read/write control to so they can edit the >web content.Just create a share for this purpose and configure "force user = XXX" where XXX should be some special user noone logs in with. Now go to the directory and do "chown -R XXX ." . Everyone who is allowed to connect to the share will act in charge of user XXX, all files and directories are owned by XXX, so the problem will be gone. Regards, Robert -- Robert.Dahlem@gmx.net Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email software; far better than Outlook. Try it sometime.