Bino,
The permissions should be 770 for directories. They need execute
privileges for directories to be able to get access to the directories.
You should be able to set the files for 660 though I don't believe it
will keep windows from executing a file.
With 'force' before 'create mask' or 'directory mask'
allows you to set
bits. You should have 'create mask 660' to force files (other than
directories) to not allow setting of the execute bit. And directories
should usually be 'force directory mask 770' with maybe a 'directory
mask 770' before this to prevent anyone allowing a directory to be
read/writeable by everyone.
James
-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of
samba-request at lists.samba.org
Sent: Wednesday, January 06, 2010 2:00 PM
To: samba at lists.samba.org
Subject: samba Digest, Vol 85, Issue 6
----------------------------------------------------------------------
Message: 1
Date: Wed, 06 Jan 2010 08:51:33 +0700
From: Bino Oetomo <bino at indoakses-online.com>
To: ?????? <mail_of_sergey at mail.ru>
Cc: samba at lists.samba.org
Subject: Re: [Samba] PDC directory permission fail
Message-ID: <4B43ECA5.1010801 at indoakses-online.com>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Dear Serg and All
?????? wrote:> Hello, Bino!
>
>
>> I use webmin to do the samba PDC configuration
>>
> IMHO, insuffisient
>
Agree ...
I did some direct edit to conf file
>> [warehouse]
>> comment = Files of warehouse
>> writeable = yes
>> path = /hdd2/samba/groupfiles/warehouse
>>
>> when I create that share via webmin i use option :
>> a. mode : 775
>> b. Create user : Root
>> c. Create Group : warehouse.
>>
>> 4. From my XP station , I login to that domain with user name
"wh01",
>> the results is :
>> a. Successfull login
>> b. wh01 can create a file in the home directory (/home/wh01)
>>
>
>
>> But, wh01 can not write file to share "warehouse"
>>
> Which permission to the new file? May be 644? :)
> IMHO, user have right to write directory, but have not right to write
file.> Look man smb.conf for "force create mode", "force directory
mode" or
http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permi
ssions>
>
Thankyou for your enlightment
I read that documentation, but I don't want uuser to be able to execute
things in directory
So I chage the share to :
[warehouse]
create mode = 660
path = /hdd2/samba/groupfiles/warehouse
directory mode = 660
force group = warehouse
(and the dircory is auto created with user:group as root:warehouse)
Still the user with group "warehouse" can not access (event just
"open")
the directory
so I try to delete the share ... manualy remove the dir , and re create
the share (and dir) with :
[warehouse]
create mode = 760
path = /hdd2/samba/groupfiles/warehouse
directory mode = 760
force group = warehouse
Still the user with group "warehouse" can not access (event just
"open")
the directory
Again, I try to delete the share ... manualy remove the dir , and re
create the share (and dir) with :
[warehouse]
create mode = 770
path = /hdd2/samba/groupfiles/warehouse
directory mode = 770
force group = warehouse
And ... voila ... the user can access (read-write) into the shares ...
But it'll means that the user can also "execute" somethings inside
directory ... right ?
Why we need the "execute" bit in directory permission just to let the
user to "read and write only" ?
Just fyi, my system is based on :
++ Ubuntu Jaunty
++ Samba 3.32
Sincerely
-bino-