Eric Geater 11/26/03
2003-Dec-01 20:59 UTC
[Samba] Samba 2.2.8 doesn't allow to write to group share
Two issues, and I'll discuss them both: I created on my NT4 domain a group called "branch99". They're a "local group" as far as NT is concerned, and it has two members; myself, and another fellow down the hall. My end quest is to create a share on a Mandrake 9.2 box running Samba 2.2.8, and have it permit or deny file access based on NT's typical discretions. Using a recipe found in "Linux for Windows Administrators", I set up the following smb.conf file: [global] name resolve order = wins lmhosts bcast wins server = 172.16.128.1 wins support = no domain master = no local master = no os level = 10 preferred master = no workgroup = MARTIN server string = ZEKEJAX Test netbios name = ZEKEJAX security = domain password server = * encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd The group in question is this: [branch99test] comment = Branch 99's Test Share path = /home/branch99 valid users = @branch99 browseable = yes read only = no create mode = 0660 directory mode = 0770 I have already successfully joined the domain. There is another (liberal rules) share that I can get to with no problems at all. I can even double-click the "branch99test" share, and see the file that appears (a single text file created from the Mandrake box; even my Windows box can open it). But I can't write (create) in the directory. Can anyone postulate as to why? I don't mind if kstovall (not a member of "branch99") can't do it, but I'm in that group, and I can't do it from an XP or 98 box joined to the domain. Thanks! Eric
Do all the files in that directory have branch99 as their group? Try adding "force group = branch99" to the share definition in smb.conf, and chmod-ing everything already in there to 660 (or 770 for directories). Otherwise the group ownership of the files will be the user's primary group, which may or may not be branch99. I have a share set up that way and it works fine. edd On Monday 01 Dec 2003 8:59 pm, Eric Geater 11/26/03 wrote:> Two issues, and I'll discuss them both: > > I created on my NT4 domain a group called "branch99". They're a "local > group" as far as NT is concerned, and it has two members; myself, and > another fellow down the hall. My end quest is to create a share on a > Mandrake 9.2 box running Samba 2.2.8, and have it permit or deny file > access based on NT's typical discretions. > > Using a recipe found in "Linux for Windows Administrators", I set up the > following smb.conf file: > > [global] > name resolve order = wins lmhosts bcast > wins server = 172.16.128.1 > wins support = no > domain master = no > local master = no > os level = 10 > preferred master = no > workgroup = MARTIN > server string = ZEKEJAX Test > netbios name = ZEKEJAX > security = domain > password server = * > encrypt passwords = yes > smb passwd file = /etc/samba/smbpasswd > > The group in question is this: > > [branch99test] > comment = Branch 99's Test Share > path = /home/branch99 > valid users = @branch99 > browseable = yes > read only = no > create mode = 0660 > directory mode = 0770 > > I have already successfully joined the domain. > > There is another (liberal rules) share that I can get to with no > problems at all. I can even double-click the "branch99test" share, and > see the file that appears (a single text file created from the Mandrake > box; even my Windows box can open it). But I can't write (create) in > the directory. Can anyone postulate as to why? I don't mind if > kstovall (not a member of "branch99") can't do it, but I'm in that > group, and I can't do it from an XP or 98 box joined to the domain. > > Thanks! > > Eric-- Edd Payne IT Co-ordinator University of London Union Malet Street, London WC1E 7HY tel: 020 7664 2060 fax: 020 7436 4604
Buchan Milne
2003-Dec-02 16:09 UTC
[Samba] Samba 2.2.8 doesn't allow to write to group share
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1> Message: 18 > Date: Mon, 1 Dec 2003 14:59:16 -0600 > From: "Eric Geater 11/26/03" <egeater@mscoinc.com> > Subject: [Samba] Samba 2.2.8 doesn't allow to write to group share > To: "'Samba Mailing List'" <samba@lists.samba.org> > Message-ID: <007401c3b84d$fb59ba20$6300a8c0@93egeater> > Content-Type: text/plain; charset="us-ascii" > > Two issues, and I'll discuss them both: > > I created on my NT4 domain a group called "branch99". They're a "local > group" as far as NT is concerned, and it has two members; myself, and > another fellow down the hall. My end quest is to create a share on a > Mandrake 9.2 box running Samba 2.2.8, and have it permit or deny file > access based on NT's typical discretions. > > Using a recipe found in "Linux for Windows Administrators", I set up the > following smb.conf file:Hmm, you trust a Windows book more than the default configuration file, which should give you many more, and better hints, than an outdated Windows-centric book ...> > [global] > name resolve order = wins lmhosts bcast > wins server = 172.16.128.1 > wins support = no > domain master = no > local master = no > os level = 10 > preferred master = no > workgroup = MARTIN > server string = ZEKEJAX Test > netbios name = ZEKEJAX > security = domain > password server = * > encrypt passwords = yes > smb passwd file = /etc/samba/smbpasswd > > The group in question is this: > > [branch99test] > comment = Branch 99's Test Share > path = /home/branch99 > valid users = @branch99 > browseable = yes > read only = no > create mode = 0660 > directory mode = 0770 > > I have already successfully joined the domain.Are you running winbind? If so, then, you (with the absence of 'winbind use default domain = yes') should have groups named something like MARTIN\branch99 (you an check with 'wbinfo -g'), so your 'valid users' line should be something like: valid users = @"MARTIN\branch99" (the quotes may not be necessary in this case, but for other Windows groups they may be).> There is another (liberal rules) share that I can get to with no > problems at all. I can even double-click the "branch99test" share, and > see the file that appears (a single text file created from the Mandrake > box; even my Windows box can open it). But I can't write (create) in > the directory. Can anyone postulate as to why? I don't mind if > kstovall (not a member of "branch99") can't do it, but I'm in that > group, and I can't do it from an XP or 98 box joined to the domain.Without seeing your share definition and/or the permissions of the directory in question, it's difficult to postulate. But, in general, here is some advice: 1)Whenever possible, use the filesystem to store access controls, rather than configuration files. Next month you may give a user ssh access, and then they may have greater or lesser access to the files than you allowed with samba. If you use the filesystem permissions, they will be identical. Mandrake supports Posix-ACLs (not quite NT ACLs, but good enough for most applications) on XFS (and has since Mandrake 8.1). 2)Please have a look at the default smb.conf (or maybe you still have an intact /etc/samba/smb-winbind.conf to peruse), it would probably have saved you a lot of hassle (IMHO). 3)You can setup winbind authentication during installation (at least for Windows NT domains), which should do most things quite well for you. Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/zLkYrJK6UGDSBKcRAlOIAKCIlQrlsieeckebRmEx9b/Tb55E1gCfcOcG OeLQqaMfD394OGc7drI53jQ=zSO0 -----END PGP SIGNATURE-----