I've run into an annoying permission problem with Samba 2.0.2 on FreeBSD 2.2.6. I have a share named siteimages that is set up with "force group = www". User neuro is in group 1000 (user), but not group 1001 (www). The directory for siteimages is 0770, owned by nobody.www. Obviously, neuro does not have access to that directory normally, but forcing the group should give him access. When he tries to connect to the share, we see this in the logfile: -------------------------------------------------- [1999/02/22 20:22:42, 3] smbd/password.c:authorise_login(737) ACCEPTED: validated uid ok as non-guest [1999/02/22 20:22:42, 3] smbd/service.c:make_connection(354) Forced group www [1999/02/22 20:22:42, 3] smbd/service.c:make_connection(386) Connect path is /home/www/network/siteimages [1999/02/22 20:22:42, 3] smbd/password.c:setup_groups(192) neuro is in 2 groups: 1001, 1001 [1999/02/22 20:22:42, 3] lib/doscalls.c:dos_ChDir(327) dos_ChDir to /home/www/network/siteimages [1999/02/22 20:22:42, 0] smbd/service.c:make_connection(441) Can't change directory to /home/www/network/siteimages (Permission denied) -------------------------------------------------- The only way I can get this to work is to either make the directory 0775 or actually add neuro to the www group. But the "force group" option is pretty pointless, if that's the way it has to be. Any ideas what I might be missing? Thanks, Dave ---------------------------------------------------------------------- Dave Walton Webmaster, Postmaster Emusic walton@emusic.com http://www.emusic.com ----------------------------------------------------------------------
Hi Crazy Samba People, I've set up a share with the following attributes. [test] path = /home/test comment = Testing Permissions write list = +Accounting read list = +Accounting The directory /home/test has the following permissions drwxrwxrwx 2 root root 4096 Jan 25 11:23 test I'm connecting from a windows workstation with a user that is not in the Accounting group. When I try to copy a file to the share I get an accessed denied message, which is what I want. When I read a file from the share I am able to do so successfully which is not what I want. I realize Samba must use the system file permissions but shouldn't the config override them for reading as it did for the writing? Thanks, Dustin
It seems @ has the same behavior. After reading some more of the Using Samba book I found these definitions. write list: Specifies a list of users that have read-write access to a read only share. read list: Specifies a list of users that have read-only access to a writable share. I was assuming read list meant 'list of users that can read the share' and write list meant 'list of users that can write to the share'. It seems that's not the case. I think I've found the behavior I want by changing my share definition to the following [test] path = /home/test comment = Testing Permissions valid users = @Accounting @Graphics write list = @Accounting read list = @Accounting @Graphics Dustin> -----Original Message----- > From: Chris Herrmann [mailto:chris@faredge.com.au] > Sent: Thursday, January 25, 2001 7:31 PM > To: 'Dustin Butler'; 'samba (E-mail)' > Subject: RE: Permissions Problem > > is it supposed to be @Accounting ??? > > -----Original Message----- > From: samba-admin@lists.samba.org > [mailto:samba-admin@lists.samba.org]On > Behalf Of Dustin Butler > Sent: Friday, 26 January 2001 11:52 > To: samba (E-mail) > Subject: Permissions Problem > > Hi Crazy Samba People, > > I've set up a share with the following attributes. > > [test] > path = /home/test > comment = Testing Permissions > write list = +Accounting > read list = +Accounting > > The directory /home/test has the following permissions > > drwxrwxrwx 2 root root 4096 Jan 25 11:23 test > > I'm connecting from a windows workstation with a user that is > not in the > Accounting group. When I try to copy a file to the share I > get an accessed > denied message, which is what I want. When I read a file > from the share I > am able to do so successfully which is not what I want. I > realize Samba > must use the system file permissions but shouldn't the config > override them > for reading as it did for the writing? > > Dustin
Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: sambaerr.gif Type: image/gif Size: 26301 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20021205/7c2a8e94/sambaerr.gif
Help Please When I try to connect from Win XP Pro to my Samba Server, I get this error... "Samba is not accessible. You might not have permissiont o use this network resource....." (attached error gif). I have a smbpasswd file created from /etc/passwd, configured exactly like my XP username and password. Thanks Thabu Pienaar ***************** ComputerNet Witrivier / White River Suid-Afrika / South Africa +27 (0) 83 349-6588 -------------- next part -------------- HTML attachment scrubbed and removed
I've done some testing.... from the Samba server, 'smbclient -B 192.168.0.255' samba returns a name query failed to find-error. All names are in all LMHOSTS and HOSTS files on both Win & Linux machines. All other smbclient tests worked fine. Can see shares from Linux on Win, only reverse not (from Win to Linux). Can also connect to a Wins share from Samba srvr. It seems that the Linux box doesn't respond to name queries. How can I fix it? Here is my smb.conf file... **************************************************************************** [global] panic action = /usr/share/samba/panic-action %d workgroup = PRIVATE netbios name = SAMBA server string = %h server (samba %v) security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd guest ok = no null passwords = Yes passwd program = /usr/bin/passwd %u passwd chat debug = yes debug level = 3 log level = 3 passwd chat = *Enter\snew\SUNIX\spassword:*%n\n *Retype\snew\SUNIX\spassword:* %n\n*passwd:\spassword\supdated*. unix password sync = yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain logons = no local master = yes os level = 64 preferred master = yes domain master = yes enhanced browsing = yes wins support = yes printcap name = /etc/printcap load printers = yes print command = lp -d%p -oraw %s; rm %s lpq command = lpstat -o%p lprm command = cancel %p-%j queuepause command = disable %p queueresume command = enable %p show add printer wizard = yes printing = lprng preserve case = no short preserve case = no default case = lower case sensitive = no [netlogon] comment = network Logon Service path = /home/samba/netlogon guest ok = yes share modes = no hosts allow = 192.168.0. 192.168.1. 127. #============================ Share Definitions ============================= [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 map to guest = bad user [tmp] comment = Temporary file space path = /tmp read only = no public = yes [public] comment = Public Stuff path = /home/samba public = yes writable = yes printable = no write list = @staff [thabusdir] comment = Thabu's Service path = /home/thabu valid users = thabu root Thabu public = no writable = yes printable = no [myshare] comment = Thabu and Antoinette's stuff path = /home/public valid users = thabu antoinette Thabu Antoinette public = no writable = yes printable = no create mask = 0765 *************************************************************** Thanks Thabu ----- Original Message ----- From: Thabu Pienaar To: samba@lists.samba.org Sent: Friday, December 06, 2002 12:07 AM Subject: Permissions problem Help Please When I try to connect from Win XP Pro to my Samba Server, I get this error... "Samba is not accessible. You might not have permissiont o use this network resource....." (attached error gif). I have a smbpasswd file created from /etc/passwd, configured exactly like my XP username and password. Thanks Thabu Pienaar ***************** ComputerNet Witrivier / White River Suid-Afrika / South Africa +27 (0) 83 349-6588 -------------- next part -------------- HTML attachment scrubbed and removed