On 1/4/2020 12:28 PM, Rowland penny via samba wrote:> On 04/01/2020 19:51, bret_stern via samba wrote:
>> Good day,
>>
>> I have hosted several domain websites under my apache24 web server on
>> FreeBSD 10.1 for several years. I had Samba configured to allow
>> updating files from my window 7/XP machines.
>> My freeBSD 10.1 server still allows me to copy files into the freebsd
>> apache24 folders: /usr/local/www/apache24..and below.
>>
>> Notes: I can ssh into both servers with FreeBSD user accounts
>> using my username/password. But cannot copy files into the
>> ?/usr/local/www/apache24...or below folders (read only during ssh
>> session)
>> So it appears Samba is overriding the file system permissions.
>>
>>
>>
>> Trying to move to FreeBSD 12.1
>>
>> Changes
>> On FreeBSD 10.1, my smb.conf file has the following share used:
>> security = share
>>
>> On FreeBSD 12.1, my smb4.conf file has the following change
>> security = user
>>
>> The following share directive is in both original smb.conf and new
>> smb4.conf
>>
>> [ww]
>> ?path=/usr/local/www/apache24
>> ?browseable = yes
>> ?read only = no
>> ?public = yes
>> ?writable = yes
>>
>> On the new FreeBSD server with samba48 installed, I can view the
folders
>> in /usr/local/www/apache24..and below. But cannot write to them.
>>
>> Even though this may be an unorthodox manner to update my websites, I
>> run a pretty tight ship here, so, if I can do what was previously able
>> to do under freeBSD 10.1 and Samba 3.625...it would be preferred.
>>
>> Would like any ideas to determine what is allowing me to write files
>> to the old server web site files, or preventing me from writing files
on
>> the new server.
>>
>> Sorry for the long story,
>> Regards,
>> Bret
>>
> Sorry, but it isn't long enough ;-)
>
> Can you post your entire smb.conf.
>
> There have been quite a lot of changes between 3.6.x and 4.8.x
>
> Rowland
>
>
>
Never posted here before, hope bottom posting ok. Been getting along
without really investigating the samba setup, so now I'm learning.
FYI.. created user: smbpasswd -a bret and .. smbpasswd -e bret
THANKS FOR LOOKING!!
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
"testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings
====================================[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = workgroup
# server string is the equivalent of the NT Description field
server string = Samba Server
# Sharing Model
security = user
# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server",
"classic primary
# domain controller", "classic backup domain controller",
"active
# directory domain controller".
#
# Most people will want "standalone sever" or "member
server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
server role = standalone server
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.
# Uncomment this if you want a guest account, you must add this to
/etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest
# this tells Samba to use a separate log file for each machine
# that connects
log file = /usr/local/samba/var/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Specifies the Kerberos or Active Directory realm the host is part of
; realm = MY_REALM
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
passdb backend = tdbsam
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
# this line. The included file is read at that point.
; include = /usr/local/samba/lib/smb.conf.%m
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS
Server
; wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d
/dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g
#============================ Share Definitions
=============================[homes]
comment = Home Directories
browseable = no
writable = yes
#Added for web server content Bret 2020
[ww]
path=/usr/local/www/apache24
browseable = yes
read only = no
public = yes
writable = yes