On Thu, Dec 31, 2009 at 7:35 AM, Martin Balint <martin.balint at
gmail.com>wrote:
> Hello,
> I configured samba fileserver as a member of samba domain. PDC and
> fileserver are different machines.
> It works great using windows sharing.
> Now, I need to set up apache to serve my shares, but I am having
> problem with permissions. Apache runs as www-user, and doesn't see
> content in shares.
> So I would like to ask, what is the proper way to use apache (or
> another http server) to serve files on file server.
> Using Ubuntu 9.10 and Samba 3.4.0-3ubuntu5.1.
>
> Thanks for help,
> Martin
>
> Right now, my configuration is:
> smb.conf
> [global]
> workgroup = DOMAIN.EU
> netbios name = share2
> server string = %h server (Samba, Ubuntu)
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
>
> winbind separator = +
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
>
> security = domain
> password server = *
>
> [software]
> comment = Shared software
> path = /srv/fileserver/software
> force group = "DOMAIN.EU+domain users"
> create mask = 0660
> directory mask = 0770
> writable = yes
>
> /etc/nsswitch.conf:
> passwd: compat winbind
> group: compat winbind
>
> # ls -la /srv/fileserver/software/
> total 20
> drwxrwxrwx 5 root root 4096 2009-12-31 12:12
> .
> drwxr-xr-x 3 root root 4096 2009-12-31 00:08
> ..
> drwxrwx--- 2 DOMAIN.EU+martin DOMAIN.EU+domain users 4096 2009-12-31 00:24
> test2
> drwxrwx--- 2 DOMAIN.EU+martin DOMAIN.EU+domain users 4096 2009-12-31 12:11
> test3
> drwxrwx--- 2 DOMAIN.EU+martin DOMAIN.EU+domain users 4096 2009-12-31 12:12
> test4
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
I guess you are trying to do this with wedav. I've looked and have not found
a good Linux solution. To use Apache, you would have to write a listener
that forks an Apache process as the user. That is expensive and there is no
pre-built solution out there. We finally gave up and used Windows 2008 with
IIS 7 which can do this natively. We set-up a web site who's root is our
samba share (we only have one share and specify all permissions through
ACLs). This preserves permissions and owners so that quotas are not thrown
off.
We initially did some nasty group member things to get it to work with
Apache, but the management overhead was a nightmare and went with the
Windows solution even though we wanted to go Linux.
Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University