hai, ? I have a question, and im not seeing it.. samba version 3.6.6 , ldap connected for auth, domain member. ? I have this share. [db] ??????? comment =?DB Share ??????? path = /db ??????? browseable = yes ??????? writeable = yes ??????? wide links = yes ??????? follow symlinks = yes ??????? read list = @"DOMAIN\admingroup1" ??????? write list = @"DOMAIN\admingroup1" ??????? force user =?dbowner ??????? force group =?dbgroup ??????? create mode = 666 ??????? directory mode = 777 in smb.conf? ??? security = domain all users of admgroup1 can write, thats ok. Now im testing, and a user not member of admingroup1 is able to access and write in this share. ? I'm not seeing whats wrong. i've read : http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html? but still, i dont understand why the userX, not member of admingroup1 still can write in the share. ? any advices? ? Louis ?
On Tue, 2013-11-05 at 14:41 +0100, L.P.H. van Belle wrote:> hai, > > I have a question, and im not seeing it.. > samba version 3.6.6 , ldap connected for auth, domain member. > > I have this share. > [db] > comment = DB Share > path = /db > browseable = yes > writeable = yes > wide links = yes > follow symlinks = yes > read list = @"DOMAIN\admingroup1" > write list = @"DOMAIN\admingroup1" > force user = dbowner > force group = dbgroup > create mode = 666 > directory mode = 777 > > in smb.conf security = domain > all users of admgroup1 can write, thats ok. > Now im testing, and a user not member of admingroup1 is able to access and write in this share. > > I'm not seeing whats wrong. > i've read : http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html > but still, i dont understand why the userX, not member of admingroup1 still can write in the share. > > any advices? > > Louis >Hi Try: create mode = 770 lose directory mode for the moment. HTH Steve
Hai, I really need these options, :-((> create mode = 770 >lose directory mode for the moment.this is because of some automated processed on multiple linux servers, and access from windows users.>> read list = @"DOMAIN\admingroup1" >> write list = @"DOMAIN\admingroup1" >> force user = dbowner >> force group = dbgroup >> create mode = 666 >> directory mode = 777This is why im using the windows group to allow/deny access. my question is, how can i make it work, so a windows user, not member of the group admingroup1 , cannot access the share at all. Louis>-----Oorspronkelijk bericht----- >Van: steve [mailto:steve at steve-ss.com] >Verzonden: dinsdag 5 november 2013 15:53 >Aan: L.P.H. van Belle >CC: samba at lists.samba.org >Onderwerp: Re: [Samba] share rights question > >On Tue, 2013-11-05 at 14:41 +0100, L.P.H. van Belle wrote: >> hai, >> >> I have a question, and im not seeing it.. >> samba version 3.6.6 , ldap connected for auth, domain member. >> >> I have this share. >> [db] >> comment = DB Share >> path = /db >> browseable = yes >> writeable = yes >> wide links = yes >> follow symlinks = yes >> read list = @"DOMAIN\admingroup1" >> write list = @"DOMAIN\admingroup1" >> force user = dbowner >> force group = dbgroup >> create mode = 666 >> directory mode = 777 >> >> in smb.conf security = domain >> all users of admgroup1 can write, thats ok. >> Now im testing, and a user not member of admingroup1 is able >to access and write in this share. >> >> I'm not seeing whats wrong. >> i've read : >http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html >> but still, i dont understand why the userX, not member of >admingroup1 still can write in the share. >> >> any advices? >> >> Louis >> > >Hi >Try: > create mode = 770 > >lose directory mode for the moment. >HTH >Steve > > >