Garringer, Mark
2003-Dec-23 16:44 UTC
[Samba] Understanding NT Groups and UNIX Permissions with Samba Shares
Hello, I am having some problems understanding a few concepts in Samba while trying to use samba-common-3.0.0-14.3E, samba-client-3.0.0-14.3E and samba-3.0.0-14.3E on RHE 3.0.

Basically, I have security = domain. My system is running winbind, I've added the winbind calls to nsswitch.conf. I can get my wbinfo -u and wbinfo -g commands to show me what I want. That all seems happy.

I have a test share as follows:

    [var]
    path = /var
    read only = yes
    valid users = "APAC+GL Tech Services"
    admin users = "APAC+Domain Admins"

and a second share:

    [hidden]
    path = /var/SECRET
    read only = no
    valid users = "APAC+Pants"

The permissions on /var/SECRET are as follows:

    [root@rhcr0005 var]# ls -ld SECRET/
    drwxr-x--- 2 root Pants 4096 Dec 18 17:28 SECRET/

I am, of course, a member of both groups GL Tech Services and Pants. When I browse to the /var share, I can descend into the SECRET folder. When I browse to the /hidden share, I get Network access is denied. In the samba log for my machine, I get errors like:

    [2003/12/23 10:40:38, 0] smbd/service.c:set_current_service(56)
      chdir (/var/SECRET) failed
    [2003/12/23 10:40:38, 0] smbd/service.c:set_current_service(56)
      chdir (/var/SECRET) failed

I guess, from the best of my understanding, that when I connect to nmbd it doesn't know about all my group memberships? If I chmod the /var/SECRET directory back to 755 however, everything works fine.

I know my way around UNIX level permissions and groups just fine, but I guess I am missing something here.

Thanks!

Mark Garringer
Manager, Systems Administration
"Whatever it takes."
APAC Customer Services
(319)896-2289

John H Terpstra
2003-Dec-23 16:59 UTC
[Samba] Understanding NT Groups and UNIX Permissions with Samba Shares
Mark,

Did you edit /etc/nsswitch.conf so that you have the following:

Original:

    passwd: compat
    shadow: compat
    group: compat

Edited:

    passwd: compat winbind
    shadow: compat winbind
    group: compat winbind

If you have, then try:

    getent passwd
    getent group

If all is working correctly you should see a listing of your Domain users and groups.

- John T.

On Tue, 23 Dec 2003, Garringer, Mark wrote:

> Hello, I am having some problems understanding a few concepts in Samba while
> trying to use samba-common-3.0.0-14.3E, samba-client-3.0.0-14.3E and
> samba-3.0.0-14.3E on RHE 3.0.
>
> Basically, I have security = domain. My system is running winbind, I've
> added the winbind calls to nsswitch.conf. I can get my wbinfo -u and wbinfo
> -g commands to show me what I want. That all seems happy.
>
> I have a test share as follows:
> [var]
> path = /var
> read only = yes
> valid users = "APAC+GL Tech Services"
> admin users = "APAC+Domain Admins"
>
> and a second share:
>
> [hidden]
> path = /var/SECRET
> read only = no
> valid users = "APAC+Pants"
>
> The permissions on /var/SECRET are as follows:
> [root@rhcr0005 var]# ls -ld SECRET/
> drwxr-x--- 2 root Pants 4096 Dec 18 17:28 SECRET/
>
> I am, of course, a member of both groups GL Tech Services and Pants. When I
> browse to the /var share, I can descend into the SECRET folder. When I
> browse to the /hidden share, I get Network access is denied. In the samba
> log for my machine, I get errors like:
>
> [2003/12/23 10:40:38, 0] smbd/service.c:set_current_service(56)
> chdir (/var/SECRET) failed
> [2003/12/23 10:40:38, 0] smbd/service.c:set_current_service(56)
> chdir (/var/SECRET) failed
>
> I guess, from the best of my understanding, that when I connect to nmbd it
> doesn't know about all my group memberships? If I chmod the /var/SECRET
> directory back to 755 however, everything works fine.
>
> I know my way around UNIX level permissions and groups just fine, but I
> guess I am missing something here.
>
> Thanks!
>
> Mark Garringer
> Manager, Systems Administration
> "Whatever it takes."
> APAC Customer Services
> (319)896-2289
>

-- 
John H Terpstra
Email: jht@samba.org
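
Added example, not part of either message in the thread: a shell check for the situation in the question, where chdir into a drwxr-x--- root:Pants directory fails but succeeds at mode 755. It evaluates whether the group list that NSS reports for a user lands in the group class with the search bit set. The function names and the numeric uid/gid values in the demo are constructed for illustration, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the thread). Only the final directory's mode bits
# are evaluated; parent directories and POSIX ACLs are out of scope.

# can_traverse MODE OWNER_UID GROUP_GID USER_UID "GID LIST"
# Returns 0 if USER_UID may chdir into the directory, 1 otherwise.
# Class selection is owner, else group, else other; only one class applies.
can_traverse() {
    m=$((0$1)); owner=$2; group=$3; uid=$4; gids=$5
    [ "$uid" -eq 0 ] && return 0                 # root bypasses mode bits
    if [ "$uid" -eq "$owner" ]; then
        bit=$(( (m >> 6) & 1 ))                  # owner search bit
    else
        bit=$(( m & 1 ))                         # default: other search bit
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                bit=$(( (m >> 3) & 1 ))          # group search bit
                break
            fi
        done
    fi
    [ "$bit" -eq 1 ]
}

# check_share_path USER DIR
# Feeds live values into can_traverse. The gid list is whatever NSS returns
# for USER, so domain groups only count if "group: ... winbind" resolves them.
# Returns 2 if the user or directory cannot be looked up.
check_share_path() {
    user=$1; dir=$2
    uid=$(id -u "$user") || return 2
    gids=$(id -G "$user") || return 2
    st=$(stat -c '%a %u %g' "$dir") || return 2
    set -- $st
    can_traverse "$1" "$2" "$3" "$uid" "$gids"
}

# Constructed demo values: uid 10000 is the domain user, gid 10001 stands in
# for "Pants", gid 10002 for "GL Tech Services". Mode 750 and owner root (0)
# match the ls -ld output in the question.
for gids in "10002 10001" "10002"; do
    if can_traverse 750 0 10001 10000 "$gids"; then
        echo "groups [$gids]: chdir allowed at 750"
    else
        echo "groups [$gids]: chdir denied at 750"
    fi
done
```

On a live host, `check_share_path 'APAC+someuser' /var/SECRET` (user name is a placeholder) runs the same decision against what id and stat report.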