samba - Jan 2005 - Problems with Access Control for Shares on Samba 2

Hi all !

I have a question regarding the access control in Samba 2. I want to make shares
available to the Windows Network for which only the owner of the share has write
access. Other users however should be able to read and browse these shares.
My smb.conf : 

global]
   workgroup = leat
   guest account = nobody
   keep alive = 30
   os level = 2
   kernel oplocks = false
   security = user

[hobbit5]
    comment = hobbit5 
    path = /ALPHA-DATA/hobbit5
    browseable = yes
    read only = no 
    guest = ok
    valid user = hobbit5 
;    force user = hobbit5

As far as I understand Samba, with this configuration any Samba user should be
able to browse and read the hobbit5 - share, while only hobbit5 himself can
write and delete within this share.
However, what happens is that any Samba user can see the share in the Network
Neighborhood, but except for hobbit5, none can enter it. Windows tells me that
either the path is not correct or I don?t have the network privileges to do
this.

What do I do wrong ?

Thanks,

J?rg

Hi Christoph,

thanks for the help.... unfortunately your suggestion doesn?t change the 
server?s behavior. hobbit5 still has both read and write permission (as 
intended), but other users still can?t enter the directory. Any other ideas 
?

Thanks,

J?rg

> hi,
> to achive what you want the [hobbit5] should read
> [hobbit5]
>      comment = hobbit5
>      path = /ALPHA-DATA/hobbit5
>      browseable = yes
>      read only = yes
>      guest ok = yes
>      write list = hobbit5
>  ;    force user = hobbit5
>
> Christoph
>
> remote schrieb:
>> Hi all !
>>
>> I have a question regarding the access control in Samba 2. I want to
make
>> shares available to the Windows Network for which only the owner of the
>> share has write access. Other users however should be able to read and 
>> browse these shares. My smb.conf : global]
>>    workgroup = leat
>>    guest account = nobody
>>    keep alive = 30
>>    os level = 2
>>    kernel oplocks = false
>>    security = user
>>
>> [hobbit5]
>>     comment = hobbit5 path = /ALPHA-DATA/hobbit5
>>     browseable = yes
>>     read only = no guest = ok
>>     valid user = hobbit5 ;    force user = hobbit5
>>
>> As far as I understand Samba, with this configuration any Samba user 
>> should be able to browse and read the hobbit5 - share, while only
hobbit5
>> himself can write and delete within this share. However, what happens
is
>> that any Samba user can see the share in the Network Neighborhood, but 
>> except for hobbit5, none can enter it. Windows tells me that either the
>> path is not correct or I don?t have the network privileges to do this. 
>> What do I do wrong ?
>>
>> Thanks,
>>
>> J?rg
>

Hi again,
two things:
1.) you did restart samba after making the changes true?
2.) you have changed your line

guest = ok

to

guest ok = yes

Did you?
Christoph

remote schrieb:
> Hi Christoph,
> 
> thanks for the help.... unfortunately your suggestion doesn?t change the 
> server?s behavior. hobbit5 still has both read and write permission (as 
> intended), but other users still can?t enter the directory. Any other 
> ideas ?
> 
> Thanks,
> 
> J?rg
> 
> 
>> hi,
>> to achive what you want the [hobbit5] should read
>> [hobbit5]
>>      comment = hobbit5
>>      path = /ALPHA-DATA/hobbit5
>>      browseable = yes
>>      read only = yes
>>      guest ok = yes
>>      write list = hobbit5
>>  ;    force user = hobbit5
>>
>> Christoph
>>
>> remote schrieb:
>>
>>> Hi all !
>>>
>>> I have a question regarding the access control in Samba 2. I want
to
>>> make shares available to the Windows Network for which only the
owner
>>> of the share has write access. Other users however should be able
to
>>> read and browse these shares. My smb.conf : global]
>>>    workgroup = leat
>>>    guest account = nobody
>>>    keep alive = 30
>>>    os level = 2
>>>    kernel oplocks = false
>>>    security = user
>>>
>>> [hobbit5]
>>>     comment = hobbit5 path = /ALPHA-DATA/hobbit5
>>>     browseable = yes
>>>     read only = no guest = ok
>>>     valid user = hobbit5 ;    force user = hobbit5

J?rg,

I think if you want only one user to be able to write, but any user to be able
to access you should change things as follows:

 [hobbit5]
     comment = hobbit5
     path = /ALPHA-DATA/hobbit5
     browseable = yes
     read only = no
     guest = ok
     write list = hobbit5

The valid users parameter before said that ONLY hobbit5 could access the share.
If you don't specify anything for valid users, the default behavior is that
any user can access the share.

		-Marc
> -----Original Message-----
> From: remote [mailto:remote@leat.ruhr-uni-bochum.de]
> Sent: Wednesday, January 26, 2005 3:53 AM
> To: samba@lists.samba.org
> Subject: [Samba] Problems with Access Control for Shares on Samba 2
> 
> Hi all !
> 
> I have a question regarding the access control in Samba 2. I want to make
> shares available to the Windows Network for which only the owner of the
> share has write access. Other users however should be able to read and
> browse these shares.
> My smb.conf :
> 
> global]
>    workgroup = leat
>    guest account = nobody
>    keep alive = 30
>    os level = 2
>    kernel oplocks = false
>    security = user
> 
> [hobbit5]
>     comment = hobbit5
>     path = /ALPHA-DATA/hobbit5
>     browseable = yes
>     read only = no
>     guest = ok
>     valid user = hobbit5
> ;    force user = hobbit5
> 
> As far as I understand Samba, with this configuration any Samba user
> should be able to browse and read the hobbit5 - share, while only hobbit5
> himself can write and delete within this share.
> However, what happens is that any Samba user can see the share in the
> Network Neighborhood, but except for hobbit5, none can enter it. Windows
> tells me that either the path is not correct or I don?t have the network
> privileges to do this.
> 
> What do I do wrong ?
> 
> Thanks,
> 
> J?rg
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

Whops, switch read only = yes, cut and paste error.
> -----Original Message-----
> From: Kaplan, Marc
> Sent: Wednesday, January 26, 2005 9:39 AM
> To: remote; samba@lists.samba.org
> Subject: RE: [Samba] Problems with Access Control for Shares on Samba 2
> 
> J?rg,
> 
> I think if you want only one user to be able to write, but any user to be
> able to access you should change things as follows:
> 
>  [hobbit5]
>      comment = hobbit5
>      path = /ALPHA-DATA/hobbit5
>      browseable = yes
>      read only = no
>      guest = ok
>      write list = hobbit5
> 
> The valid users parameter before said that ONLY hobbit5 could access the
> share. If you don't specify anything for valid users, the default
behavior
> is that any user can access the share.
> 
> 		-Marc
> > -----Original Message-----
> > From: remote [mailto:remote@leat.ruhr-uni-bochum.de]
> > Sent: Wednesday, January 26, 2005 3:53 AM
> > To: samba@lists.samba.org
> > Subject: [Samba] Problems with Access Control for Shares on Samba 2
> >
> > Hi all !
> >
> > I have a question regarding the access control in Samba 2. I want to
> make
> > shares available to the Windows Network for which only the owner of
the
> > share has write access. Other users however should be able to read and
> > browse these shares.
> > My smb.conf :
> >
> > global]
> >    workgroup = leat
> >    guest account = nobody
> >    keep alive = 30
> >    os level = 2
> >    kernel oplocks = false
> >    security = user
> >
> > [hobbit5]
> >     comment = hobbit5
> >     path = /ALPHA-DATA/hobbit5
> >     browseable = yes
> >     read only = no
> >     guest = ok
> >     valid user = hobbit5
> > ;    force user = hobbit5
> >
> > As far as I understand Samba, with this configuration any Samba user
> > should be able to browse and read the hobbit5 - share, while only
> hobbit5
> > himself can write and delete within this share.
> > However, what happens is that any Samba user can see the share in the
> > Network Neighborhood, but except for hobbit5, none can enter it.
Windows
> > tells me that either the path is not correct or I don?t have the
network
> > privileges to do this.
> >
> > What do I do wrong ?
> >
> > Thanks,
> >
> > J?rg
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

hi again :-)

u can use the unix rights to do that:
==========================================================================if
e.g. all users are members of group "win"
hobbit directory must have rights 2770 and has owner root.win
share:
[hobbit]
   comment = only the owner can write
   path = /ALPHA-DATA/hobbit5
   create mode = 0640
   force create mode = 0640
   directory mode = 2770
   force directory mode = 2770

so all users (of group win) has read access and the owner can write.
the "2" bit in directory mode ensures, that newly created directories 
and files has the correct group (win)
==========================================================================if u
want to access all other users, it will be something like this:
[hobbit]
   comment = only the owner can write
   path = /ALPHA-DATA/hobbit5
   create mode = 0644
   force create mode = 0644
   directory mode = 0777
   force directory mode = 0777
==========================================================================i
prefer the first version (it's more secure)

i hope thats the answer u expected...



-- 
mit freundlichen gr?ssen
=======================================================ing. kurt weiss,         
A-6425 Haiming, Gartenweg 3
Tel.: +43 699 1 272 9926    /    Fax: +43 699 4 272 9926
E-Mail: info@kwnet.at
Web: http://www.kwnet.at/ || http://www.oberlandinfo.at/

www.kwnet.at                   ...one step to the future
edv  internet   programmierung   informationstechnologie
mfh servicepoint west                 http://www.mfh.at/
=======================================================empfehlungen:==========================================suche
nach wissen:               http://de.wikipedia.org
legale, gute gratissoftware:  http://www.sourceforge.net
                             http://www.heise.de/software
suche im internet:                  http://www.google.at
=======================================================

remote schrieb:
> Hi all !
> 
> I have a question regarding the access control in Samba 2. I want to make
shares available to the Windows Network for which only the owner of the share
has write access. Other users however should be able to read and browse these
shares.
> My smb.conf : 
> 
> global]
>    workgroup = leat
>    guest account = nobody
>    keep alive = 30
>    os level = 2
>    kernel oplocks = false
>    security = user
> 
> [hobbit5]
>     comment = hobbit5 
>     path = /ALPHA-DATA/hobbit5
>     browseable = yes
>     read only = no 
>     guest = ok
>     valid user = hobbit5 
> ;    force user = hobbit5
> 
> As far as I understand Samba, with this configuration any Samba user should
be able to browse and read the hobbit5 - share, while only hobbit5 himself can
write and delete within this share.
> However, what happens is that any Samba user can see the share in the
Network Neighborhood, but except for hobbit5, none can enter it. Windows tells
me that either the path is not correct or I don?t have the network privileges to
do this.
> 
> What do I do wrong ?
> 
> Thanks,
> 
> J?rg