I have been trying to setup two samba servers on Fedora Core 2 for the past 30
hours and am about to jump out a window.
I'm simply trying to create a few shares that multiple WinXP clients can
have readonly access to and a select few have write privilages. Also, a few
shares that are are private for a select few users with write privilages. In all
cases, anybody should be able to browse the machine and access most shares.
I have read the smb.conf(5) manual many times... almost memorized the entire
thing ;)
Valid users in the smbpasswd file include nobody and a few others.
Rather than explain my setup... here is a shorter version of my smb.conf file.
[global]
log file = /var/log/samba/%m.log
#log level = 3 passdb:5 auth:10 winbind:2
workgroup = MYDOMAIN
server string =
map to guest = Bad User
username map = /etc/samba/user.map
dead time = 10
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = no
netbios name = MyServer
invalid users = root
wide links = no
delete readonly = yes
os level = 20
security = user
guest account = nobody
browseable = yes
read only = no
default = software
[software]
# public has read access and dmartz has write access
comment = "Software Archives"
path = /home/software
username = nobody
valid users = dmartz
read list = nobody
write list = dmartz
force user = dmartz
force group = +users
force create mode = 0775
force directory mode = 0775
guest ok = yes
read only = no
[shivaun]
# private share, shivaun & dmartz have write access
comment = "Shivaun Martz Files"
path = /home/shivaun
valid users = dmartz, shivaun
write list = dmartz, shivaun
force user = shivaun
force group = +users
force create mode = 0775
force directory mode = 0775
guest ok = no
[darren]
comment = "Darren Martz Files"
path = /home/dmartz
valid users = dmartz
write list = dmartz
force user = dmartz
force group = +users
force create mode = 0775
force directory mode = 0775
guest ok = no
On each directory I have run "chown xxx:users /home/xxx" and
"chmod 0775 /home/xxx" to avoid any ownership or access issues between
users.
Problems:
1) when I change readonly to yes in global and authorized users do not have
write access.
2) when I leave readonly in global as 'no' then "nobody" can
write and change files??
3) when I add "nobody = *" to the user.map file nobody can log in or
browse anything???
Am I approaching this the wrong way?
Cheers,
Darren
________________________________________________________________
Sent via the WebMail system at shelbrook.com
Darren Martz wrote:> Problems: > 1) when I change readonly to yes in global and authorized users do not have write access.Suggest not putting it in global. Put it in the individual shares.> 2) when I leave readonly in global as 'no' then "nobody" can write and change files?? > 3) when I add "nobody = *" to the user.map file nobody can log in or browse anything???For 2 you may try placeing invalid users = nobody in the individual shares. For 3 I think that what nobody = * means is that nobody = [everybody includeing admin user therefore admin privledges] Try this HOWTO: http://us2.samba.org/samba/docs/man/Samba-Guide/ -- ----------------------------------------------------------------- | I can be reached on the following Instant Messenger services: | |---------------------------------------------------------------| | MSN: j_c_llings@hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---------------------------------------------------------------| | Y!: j_c_llings Jabber: jcllings@njs.netlab.cz | -----------------------------------------------------------------
To clarify a few points...
- Read only either grants write access to everyone or to no one. For some odd
reason it ignores the writelist entry
- Adding nobody=* to the user map causes every share to require authentication,
but none of the user/pass are every accepted
---------- Original Message ----------------------------------
From: "Darren Martz" <darren@shelbrook.com>
Reply-To: darren@shelbrook.com
Date: Wed, 4 Aug 2004 13:16:11 -0700
I have been trying to setup two samba servers on Fedora Core 2 for the past 30
hours and am about to jump out a window.
I'm simply trying to create a few shares that multiple WinXP clients can
have readonly access to and a select few have write privilages. Also, a few
shares that are are private for a select few users with write privilages. In all
cases, anybody should be able to browse the machine and access most shares.
I have read the smb.conf(5) manual many times... almost memorized the entire
thing ;)
Valid users in the smbpasswd file include nobody and a few others.
Rather than explain my setup... here is a shorter version of my smb.conf file.
[global]
log file = /var/log/samba/%m.log
#log level = 3 passdb:5 auth:10 winbind:2
workgroup = MYDOMAIN
server string =
map to guest = Bad User
username map = /etc/samba/user.map
dead time = 10
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = no
netbios name = MyServer
invalid users = root
wide links = no
delete readonly = yes
os level = 20
security = user
guest account = nobody
browseable = yes
read only = no
default = software
[software]
# public has read access and dmartz has write access
comment = "Software Archives"
path = /home/software
username = nobody
valid users = dmartz
read list = nobody
write list = dmartz
force user = dmartz
force group = +users
force create mode = 0775
force directory mode = 0775
guest ok = yes
read only = no
[shivaun]
# private share, shivaun & dmartz have write access
comment = "Shivaun Martz Files"
path = /home/shivaun
valid users = dmartz, shivaun
write list = dmartz, shivaun
force user = shivaun
force group = +users
force create mode = 0775
force directory mode = 0775
guest ok = no
[darren]
comment = "Darren Martz Files"
path = /home/dmartz
valid users = dmartz
write list = dmartz
force user = dmartz
force group = +users
force create mode = 0775
force directory mode = 0775
guest ok = no
On each directory I have run "chown xxx:users /home/xxx" and
"chmod 0775 /home/xxx" to avoid any ownership or access issues between
users.
Problems:
1) when I change readonly to yes in global and authorized users do not have
write access.
2) when I leave readonly in global as 'no' then "nobody" can
write and change files??
3) when I add "nobody = *" to the user.map file nobody can log in or
browse anything???
Am I approaching this the wrong way?
Cheers,
Darren
________________________________________________________________
Sent via the WebMail system at shelbrook.com
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
________________________________________________________________
Sent via the WebMail system at shelbrook.com
Thanks for the response!! I tried moving the readonly statement to the individual service entries. Two things happened... 1) I was able to browse but not write even though smbstatus shows that I am connected as an authorized user. 2) As an anonymous users, even public shares now require authorization to connect. ---------- Original Message ---------------------------------- From: "Jim C." <jcllings@javahop.com> Date: Wed, 04 Aug 2004 14:27:30 -0700 Darren Martz wrote:> Problems: > 1) when I change readonly to yes in global and authorized users do not have write access.Suggest not putting it in global. Put it in the individual shares.> 2) when I leave readonly in global as 'no' then "nobody" can write and change files?? > 3) when I add "nobody = *" to the user.map file nobody can log in or browse anything???For 2 you may try placeing invalid users = nobody in the individual shares. For 3 I think that what nobody = * means is that nobody = [everybody includeing admin user therefore admin privledges] Try this HOWTO: http://us2.samba.org/samba/docs/man/Samba-Guide/ -- ----------------------------------------------------------------- | I can be reached on the following Instant Messenger services: | |---------------------------------------------------------------| | MSN: j_c_llings@hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---------------------------------------------------------------| | Y!: j_c_llings Jabber: jcllings@njs.netlab.cz | ----------------------------------------------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ________________________________________________________________ Sent via the WebMail system at shelbrook.com
Correction. 1) Anonymous browsing now works with readonly on each share. 2) Private shares require authorization, but only grant readonly access?? ---------- Original Message ---------------------------------- From: "Jim C." <jcllings@javahop.com> Date: Wed, 04 Aug 2004 14:27:30 -0700 Darren Martz wrote:> Problems: > 1) when I change readonly to yes in global and authorized users do not have write access.Suggest not putting it in global. Put it in the individual shares.> 2) when I leave readonly in global as 'no' then "nobody" can write and change files?? > 3) when I add "nobody = *" to the user.map file nobody can log in or browse anything???For 2 you may try placeing invalid users = nobody in the individual shares. For 3 I think that what nobody = * means is that nobody = [everybody includeing admin user therefore admin privledges] Try this HOWTO: http://us2.samba.org/samba/docs/man/Samba-Guide/ -- ----------------------------------------------------------------- | I can be reached on the following Instant Messenger services: | |---------------------------------------------------------------| | MSN: j_c_llings@hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---------------------------------------------------------------| | Y!: j_c_llings Jabber: jcllings@njs.netlab.cz | ----------------------------------------------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ________________________________________________________________ Sent via the WebMail system at shelbrook.com