Hi,

I have suddenly a very strange permission problem with the shares. No matter what the read permissions in Linux are, ANY user can read EVERY file in a share. For example I have a share:

[spycam]
   comment = pictures from spy cam
   path = /export/spycam
   public = yes
   create mask = 0660
   directory mask = 0770
   read list = @smbadm
   force group = smbadm

and the directory /export/spycam has permission mode:

drwxrwx--- 3 root smbadm 4096 Sep 19 10:06 /export/spycam/

And it STILL lets everyone read all the files in this directory. It doesn't seem to matter who I log into the domain as, if they are a valid username under Linux, it lets them into the share, and then lets them read all the files. The permissions also work fine from within the Linux environment (no surprise.) So samba is using its root-ness to allow the files to be delivered to any user.

Please let me know what I can do or try, this is really scary...

Here is the global section of my smb.conf:

[global]
   workgroup = MYDOMAIN
   guest account = nobody
   keep alive = 30
   os level = 65
   kernel oplocks = false
   security = user
   socket options = TCP_NODELAY
   map to guest = Bad User

Zheng,

> force group = smbadm
>
> and the directory /export/spycam has permission mode:
>
> drwxrwx--- 3 root smbadm 4096 Sep 19 10:06 /export/spycam/

If you use the "force group" option then every user who connects to the share will gain the access rights of the group, in your case smbadm. So everyone is able to read the files.

Regards,
Dirk Kastens............Tel.: +49 541 969-2347
Universitaet Osnabrueck, Rechenzentrum (Computer Center)
Albrechtstr. 28, 49078 Osnabrueck, Germany

Zheng Liu wrote:

> Hi,
> I have suddenly a very strange permission problem with the shares.
> No matter what the read permissions in Linux are, ANY user can read
> EVERY file in a share.

Make sure you set the 'valid users' tag. For example, here is my [homes] section;

[homes]
   comment = Home directories on RH7.0
   valid users = %s
   browseable = no
   read only = no
   create mode = 0750

Regards,
Shaun

--
Shaun Cloherty
Graduate School of Biomedical Engineering
University of New South Wales

Zheng,

I think this is a side effect of the force group parameter you have for this share; what it actually does is effectively change the effective groupid of whoever is attaching to the share to that group; this has the effect of

1. making sure that any file or directory created on the share is owned by that group (which is what most people use it for)
2. making all the files with group permissions for that group on that share accessible to whoever has attached to that share (since their egid is now that group) - this is I THINK what is concerning you.

Hope this helps,
Don

-----Original Message-----
From: Zheng Liu [mailto:liu@TI.FhG.DE]
Sent: Thursday, February 22, 2001 3:35 AM
To: samba@us5.samba.org
Subject: strange permission problem

Hi,

I have suddenly a very strange permission problem with the shares. No matter what the read permissions in Linux are, ANY user can read EVERY file in a share. For example I have a share:

[spycam]
   comment = pictures from spy cam
   path = /export/spycam
   public = yes
   create mask = 0660
   directory mask = 0770
   read list = @smbadm
   force group = smbadm

and the directory /export/spycam has permission mode:

drwxrwx--- 3 root smbadm 4096 Sep 19 10:06 /export/spycam/

And it STILL lets everyone read all the files in this directory. It doesn't seem to matter who I log into the domain as, if they are a valid username under Linux, it lets them into the share, and then lets them read all the files. The permissions also work fine from within the Linux environment (no surprise.) So samba is using its root-ness to allow the files to be delivered to any user.

Please let me know what I can do or try, this is really scary...

Here is the global section of my smb.conf:

[global]
   workgroup = MYDOMAIN
   guest account = nobody
   keep alive = 30
   os level = 65
   kernel oplocks = false
   security = user
   socket options = TCP_NODELAY
   map to guest = Bad User
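
Added example (not part of any message in this thread): a small smb.conf audit that flags shares where "force group" hands a group's file access to everyone who can connect, which is the behaviour the replies above describe, and treats a "valid users" line as the restriction on who may connect. The function name and the finding labels are hypothetical; the sample config is constructed from the share posted in the thread plus an assumed fixed variant.

```python
import configparser

# Constructed sample: [spycam] is the share from the thread; [spycam_fixed]
# is a hypothetical variant that applies the 'valid users' advice.
SAMPLE = """
[global]
security = user

[spycam]
path = /export/spycam
public = yes
read list = @smbadm
force group = smbadm

[spycam_fixed]
path = /export/spycam
valid users = @smbadm
force group = smbadm
"""

TRUE = {"yes", "true", "1"}

def audit(conf_text):
    """Return {share: [findings]} for shares where 'force group' widens access."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    report = {}
    for share in cp.sections():
        if share.lower() == "global":
            continue
        opts = cp[share]
        group = opts.get("force group", "").strip()
        # '+group' is applied only to users already in the group: nothing new granted.
        if not group or group.startswith("+"):
            continue
        findings = []
        if not opts.get("valid users", "").strip():
            findings.append("no-valid-users")  # any accepted login gets the group's access
        # 'public' is a synonym for 'guest ok'.
        guest = opts.get("guest ok", opts.get("public", "no")).strip().lower()
        if guest in TRUE:
            findings.append("guest-with-force-group")
        if findings:
            report[share] = findings
    return report

if __name__ == "__main__":
    for share, findings in audit(SAMPLE).items():
        print(share, findings)
```

On the sample it reports only [spycam]; "read list" does not count as a restriction because it makes the listed users read-only rather than limiting who may connect.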