I have been trying to setup two samba servers on Fedora Core 2 for the past 30 hours and am about to jump out a window. I'm simply trying to create a few shares that multiple WinXP clients can have readonly access to and a select few have write privilages. Also, a few shares that are are private for a select few users with write privilages. In all cases, anybody should be able to browse the machine and access most shares. I have read the smb.conf(5) manual many times... almost memorized the entire thing ;) Valid users in the smbpasswd file include nobody and a few others. Rather than explain my setup... here is a shorter version of my smb.conf file. [global] log file = /var/log/samba/%m.log #log level = 3 passdb:5 auth:10 winbind:2 workgroup = MYDOMAIN server string = map to guest = Bad User username map = /etc/samba/user.map dead time = 10 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = no netbios name = MyServer invalid users = root wide links = no delete readonly = yes os level = 20 security = user guest account = nobody browseable = yes read only = no default = software [software] # public has read access and dmartz has write access comment = "Software Archives" path = /home/software username = nobody valid users = dmartz read list = nobody write list = dmartz force user = dmartz force group = +users force create mode = 0775 force directory mode = 0775 guest ok = yes read only = no [shivaun] # private share, shivaun & dmartz have write access comment = "Shivaun Martz Files" path = /home/shivaun valid users = dmartz, shivaun write list = dmartz, shivaun force user = shivaun force group = +users force create mode = 0775 force directory mode = 0775 guest ok = no [darren] comment = "Darren Martz Files" path = /home/dmartz valid users = dmartz write list = dmartz force user = dmartz force group = +users force create mode = 0775 force directory mode = 0775 guest ok = no On each directory I have run "chown xxx:users /home/xxx" and "chmod 0775 /home/xxx" to avoid any ownership or access issues between users. Problems: 1) when I change readonly to yes in global and authorized users do not have write access. 2) when I leave readonly in global as 'no' then "nobody" can write and change files?? 3) when I add "nobody = *" to the user.map file nobody can log in or browse anything??? Am I approaching this the wrong way? Cheers, Darren ________________________________________________________________ Sent via the WebMail system at shelbrook.com
Darren Martz wrote:> Problems: > 1) when I change readonly to yes in global and authorized users do not have write access.Suggest not putting it in global. Put it in the individual shares.> 2) when I leave readonly in global as 'no' then "nobody" can write and change files?? > 3) when I add "nobody = *" to the user.map file nobody can log in or browse anything???For 2 you may try placeing invalid users = nobody in the individual shares. For 3 I think that what nobody = * means is that nobody = [everybody includeing admin user therefore admin privledges] Try this HOWTO: http://us2.samba.org/samba/docs/man/Samba-Guide/ -- ----------------------------------------------------------------- | I can be reached on the following Instant Messenger services: | |---------------------------------------------------------------| | MSN: j_c_llings@hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---------------------------------------------------------------| | Y!: j_c_llings Jabber: jcllings@njs.netlab.cz | -----------------------------------------------------------------
To clarify a few points... - Read only either grants write access to everyone or to no one. For some odd reason it ignores the writelist entry - Adding nobody=* to the user map causes every share to require authentication, but none of the user/pass are every accepted ---------- Original Message ---------------------------------- From: "Darren Martz" <darren@shelbrook.com> Reply-To: darren@shelbrook.com Date: Wed, 4 Aug 2004 13:16:11 -0700 I have been trying to setup two samba servers on Fedora Core 2 for the past 30 hours and am about to jump out a window. I'm simply trying to create a few shares that multiple WinXP clients can have readonly access to and a select few have write privilages. Also, a few shares that are are private for a select few users with write privilages. In all cases, anybody should be able to browse the machine and access most shares. I have read the smb.conf(5) manual many times... almost memorized the entire thing ;) Valid users in the smbpasswd file include nobody and a few others. Rather than explain my setup... here is a shorter version of my smb.conf file. [global] log file = /var/log/samba/%m.log #log level = 3 passdb:5 auth:10 winbind:2 workgroup = MYDOMAIN server string = map to guest = Bad User username map = /etc/samba/user.map dead time = 10 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = no netbios name = MyServer invalid users = root wide links = no delete readonly = yes os level = 20 security = user guest account = nobody browseable = yes read only = no default = software [software] # public has read access and dmartz has write access comment = "Software Archives" path = /home/software username = nobody valid users = dmartz read list = nobody write list = dmartz force user = dmartz force group = +users force create mode = 0775 force directory mode = 0775 guest ok = yes read only = no [shivaun] # private share, shivaun & dmartz have write access comment = "Shivaun Martz Files" path = /home/shivaun valid users = dmartz, shivaun write list = dmartz, shivaun force user = shivaun force group = +users force create mode = 0775 force directory mode = 0775 guest ok = no [darren] comment = "Darren Martz Files" path = /home/dmartz valid users = dmartz write list = dmartz force user = dmartz force group = +users force create mode = 0775 force directory mode = 0775 guest ok = no On each directory I have run "chown xxx:users /home/xxx" and "chmod 0775 /home/xxx" to avoid any ownership or access issues between users. Problems: 1) when I change readonly to yes in global and authorized users do not have write access. 2) when I leave readonly in global as 'no' then "nobody" can write and change files?? 3) when I add "nobody = *" to the user.map file nobody can log in or browse anything??? Am I approaching this the wrong way? Cheers, Darren ________________________________________________________________ Sent via the WebMail system at shelbrook.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ________________________________________________________________ Sent via the WebMail system at shelbrook.com
Thanks for the response!! I tried moving the readonly statement to the individual service entries. Two things happened... 1) I was able to browse but not write even though smbstatus shows that I am connected as an authorized user. 2) As an anonymous users, even public shares now require authorization to connect. ---------- Original Message ---------------------------------- From: "Jim C." <jcllings@javahop.com> Date: Wed, 04 Aug 2004 14:27:30 -0700 Darren Martz wrote:> Problems: > 1) when I change readonly to yes in global and authorized users do not have write access.Suggest not putting it in global. Put it in the individual shares.> 2) when I leave readonly in global as 'no' then "nobody" can write and change files?? > 3) when I add "nobody = *" to the user.map file nobody can log in or browse anything???For 2 you may try placeing invalid users = nobody in the individual shares. For 3 I think that what nobody = * means is that nobody = [everybody includeing admin user therefore admin privledges] Try this HOWTO: http://us2.samba.org/samba/docs/man/Samba-Guide/ -- ----------------------------------------------------------------- | I can be reached on the following Instant Messenger services: | |---------------------------------------------------------------| | MSN: j_c_llings@hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---------------------------------------------------------------| | Y!: j_c_llings Jabber: jcllings@njs.netlab.cz | ----------------------------------------------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ________________________________________________________________ Sent via the WebMail system at shelbrook.com
Correction. 1) Anonymous browsing now works with readonly on each share. 2) Private shares require authorization, but only grant readonly access?? ---------- Original Message ---------------------------------- From: "Jim C." <jcllings@javahop.com> Date: Wed, 04 Aug 2004 14:27:30 -0700 Darren Martz wrote:> Problems: > 1) when I change readonly to yes in global and authorized users do not have write access.Suggest not putting it in global. Put it in the individual shares.> 2) when I leave readonly in global as 'no' then "nobody" can write and change files?? > 3) when I add "nobody = *" to the user.map file nobody can log in or browse anything???For 2 you may try placeing invalid users = nobody in the individual shares. For 3 I think that what nobody = * means is that nobody = [everybody includeing admin user therefore admin privledges] Try this HOWTO: http://us2.samba.org/samba/docs/man/Samba-Guide/ -- ----------------------------------------------------------------- | I can be reached on the following Instant Messenger services: | |---------------------------------------------------------------| | MSN: j_c_llings@hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---------------------------------------------------------------| | Y!: j_c_llings Jabber: jcllings@njs.netlab.cz | ----------------------------------------------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ________________________________________________________________ Sent via the WebMail system at shelbrook.com