Hi,

I have a share "dev". This share should be readable by all domain users.

Beneath this share, there is a folder "source" which should only be accessible by developers.

This folder has unix permissions set to 770 (recursive), owner is user "build" and group is "develop".

Share setup is:

    [dev]
    comment = Dev
    path = /export/dev
    valid users = @MYDOMAIN\domain-users
    force group = @MYDOMAIN\develop
    browseable = yes
    read only = no
    create mask = 0664
    directory mask = 0775
    access based share enum = yes

security in smb.conf is set to "security = ads".

If I connect to this share as a user that is a member of "domain-user" and NOT of "develop", I can read all files - also all files beneath "source".

Trying the same on a unix console with the user gives a "Permissions denied" as expected.

Why does Samba ignore the unix file permissions on folder "source"? What setting could be wrong?

Cheers,
Daniel
Isn't this enough?:

    [dev]
    comment = Dev
    path = /export/dev
    browseable = yes
    read only = no
    create mask = 0664
    directory mask = 0775
    access based share enum = yes
    hide unreadable = yes
    hide unwriteable files = yes

-----------------------------------------------
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
I figured out that "force group" works a little bit differently than expected. Adding a + before the group did the job.

    force group = +@MYDOMAIN\develop

Sorry for wasting your time.

Daniel
TAKAHASHI Motonobu
2011-Oct-25 15:58 UTC
[Samba] Permisson issue - unix permissions ignored
From: "Zabel, Daniel" <Daniel.Zabel at coremedia.com>
Date: Tue, 25 Oct 2011 11:44:01 +0200

> I have a share "dev". This share should be readable by all domain users.
>
> Beneath this share, there is a folder "source " which should only
> accessibly by developers.
>
> This folder has unix permissions set to 770 (recursive) , owner is user
> "build" and group is "develop".

> Share setup is:
>
> [dev]
(snip)
> valid users = @MYDOMAIN\domain-users
> force group = @MYDOMAIN\develop
(snip)
> If I connect to this share by a user that is member in "domain-user" and
> NOT in "develop" I can read all files - also all files beneath "source".

> Why did samba ignores the unix file permissions on folder "source" ?

You specify a "force group" line, which means that the primary group for every user accessing the share is changed to "develop". Thus they can access "source".

> Trying the same on a unix console with the user gives a "Permissions
> denied" like expected.

Of course, the "force group" parameter is applied only to connections via Samba.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
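The misconfiguration discussed in this thread can be checked for mechanically. The following is an added example, not code from any poster or from the Samba project: a small audit that flags every section whose "force group" has no leading "+", meaning the group is assigned to every connecting user rather than only to existing members. The function name `audit_force_group` is hypothetical and the sample configuration is constructed from the share shown in the thread; backslash line continuations in smb.conf are not handled.

```python
import configparser

# Constructed sample: the share from this thread, plus the corrected variant.
SAMPLE_SMB_CONF = r"""
[global]
    security = ads

[dev]
    path = /export/dev
    valid users = @MYDOMAIN\domain-users
    force group = @MYDOMAIN\develop
    read only = no

[dev-fixed]
    path = /export/dev
    valid users = @MYDOMAIN\domain-users
    force group = +@MYDOMAIN\develop
    read only = no
"""


def audit_force_group(conf_text):
    """Return (section, forced_group, valid_users) for each section whose
    'force group' applies unconditionally (no leading '+')."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    # Samba ignores case and whitespace in parameter names.
    parser.optionxform = lambda key: "".join(key.lower().split())
    # Strip indentation so configparser does not treat lines as continuations.
    parser.read_string("\n".join(l.strip() for l in conf_text.splitlines()))

    findings = []
    for section in parser.sections():
        opts = parser[section]
        # 'group' is a synonym for 'force group'.
        forced = opts.get("force group", opts.get("group"))
        if forced is None:
            continue
        forced = forced.strip()
        if forced.startswith("+"):
            continue  # only users already in the group get it as primary group
        who = opts.get("valid users", "<any authenticated user>")
        findings.append((section, forced, who))
    return findings


if __name__ == "__main__":
    for section, group, who in audit_force_group(SAMPLE_SMB_CONF):
        print(f"[{section}] force group = {group}: every user matching "
              f"'{who}' gets this group's file access over SMB")
```

Each finding is a share where Unix group permissions for the forced group no longer separate members from non-members on SMB connections, even though a local shell login still enforces them.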