On 1/4/2020 12:28 PM, Rowland penny via samba wrote:
> On 04/01/2020 19:51, bret_stern via samba wrote:
>> Good day,
>>
>> I have hosted several domain websites under my apache24 web server on
>> FreeBSD 10.1 for several years. I had Samba configured to allow
>> updating files from my Windows 7/XP machines.
>> My FreeBSD 10.1 server still allows me to copy files into the FreeBSD
>> apache24 folders: /usr/local/www/apache24..and below.
>>
>> Notes: I can ssh into both servers with FreeBSD user accounts
>> using my username/password. But cannot copy files into the
>> /usr/local/www/apache24...or below folders (read only during ssh
>> session)
>> So it appears Samba is overriding the file system permissions.
>>
>> Trying to move to FreeBSD 12.1
>>
>> Changes
>> On FreeBSD 10.1, my smb.conf file has the following share used:
>> security = share
>>
>> On FreeBSD 12.1, my smb4.conf file has the following change
>> security = user
>>
>> The following share directive is in both original smb.conf and new
>> smb4.conf
>>
>> [ww]
>>  path=/usr/local/www/apache24
>>  browseable = yes
>>  read only = no
>>  public = yes
>>  writable = yes
>>
>> On the new FreeBSD server with samba48 installed, I can view the folders
>> in /usr/local/www/apache24..and below. But cannot write to them.
>>
>> Even though this may be an unorthodox manner to update my websites, I
>> run a pretty tight ship here, so, if I can do what was previously able
>> to do under FreeBSD 10.1 and Samba 3.625...it would be preferred.
>>
>> Would like any ideas to determine what is allowing me to write files
>> to the old server web site files, or preventing me from writing files on
>> the new server.
>>
>> Sorry for the long story,
>> Regards,
>> Bret
>>
> Sorry, but it isn't long enough ;-)
>
> Can you post your entire smb.conf.
>
> There have been quite a lot of changes between 3.6.x and 4.8.x
>
> Rowland
>

Never posted here before, hope bottom posting ok.
Been getting along without really investigating the samba setup, so now
I'm learning.

FYI.. created user: smbpasswd -a bret and .. smbpasswd -e bret
THANKS FOR LOOKING!!

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings ====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = workgroup

# server string is the equivalent of the NT Description field
   server string = Samba Server

# Sharing Model
   security = user

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
   server role = standalone server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;   guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /usr/local/samba/var/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Specifies the Kerberos or Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
   passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
# this line. The included file is read at that point.
;   include = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;   add user script = /usr/sbin/useradd %u
;   add group script = /usr/sbin/groupadd %g
;   add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;   delete user script = /usr/sbin/userdel %u
;   delete user from group script = /usr/sbin/deluser %u %g
;   delete group script = /usr/sbin/groupdel %g

#============================ Share Definitions =============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

#Added for web server content Bret 2020
[ww]
 path=/usr/local/www/apache24
 browseable = yes
 read only = no
 public = yes
 writable = yes
On 04/01/2020 22:13, bret_stern via samba wrote:
> Never posted here before, hope bottom posting ok. Been getting along
> without really investigating the samba setup, so now I'm learning.
>
> FYI.. created user: smbpasswd -a bret and .. smbpasswd -e bret
> THANKS FOR LOOKING!!
>

Bottom posting is always preferred ;-)

Your effective smb.conf is this:

[global]
   workgroup = workgroup
   server string = Samba Server
   security = user
   server role = standalone server
   log file = /usr/local/samba/var/log.%m
   max log size = 50
   dns proxy = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[ww]
 path=/usr/local/www/apache24
 read only = no
 public = yes

It looks like you want the 'ww' share to be a guest share, 'public' is a
synonym for 'guest ok'. However, guest access will never work, because
you are missing 'map to guest = bad user' in global, but if you do set
this, any new files and directories created will belong to
'nobody:nogroup'.

You refer to connecting to the computer via SSH, this has nothing to do
with Samba. If you are wishing to modify files in the share via Samba,
then the underlying permissions set on /usr/local/www/apache24 will have
to allow the user to do this.

I think you need to describe what you want to do and how you want to do it.

Rowland
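
The interaction between 'public'/'guest ok', 'read only' and 'map to guest' described in the reply above can be checked mechanically. The following Python check is an added example, not part of the thread or of Samba: `parse_smb_conf`, `audit_guest_shares` and the `SAMPLE` text are hypothetical names and constructed input, and the reader assumes no line continuations and no share defaults set in [global].

```python
TRUE = {"yes", "true", "on", "1"}
GUEST_KEYS = {"guestok", "public"}                 # 'public' is a synonym for 'guest ok'
WRITE_KEYS = {"writable", "writeable", "writeok"}  # inverted synonyms of 'read only'

def parse_smb_conf(text):
    """Minimal reader (no line continuations): {section: [(param, value), ...]}."""
    sections, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1].strip().lower(), [])
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)        # names ignore case and spaces
            cur.append((key.replace(" ", "").lower(), value.strip().lower()))
    return sections

def audit_guest_shares(text):                      # returns {share: verdict}
    conf = parse_smb_conf(text)
    glob = dict(conf.pop("global", []))
    mapped = glob.get("maptoguest", "never") != "never"   # default is 'never'
    account = glob.get("guestaccount", "nobody")          # default guest account
    report = {}
    for share, params in conf.items():
        guest_ok, read_only = False, True          # Samba defaults
        for key, value in params:                  # a later line overrides an earlier one
            if key in GUEST_KEYS:
                guest_ok = value in TRUE
            elif key == "readonly":
                read_only = value in TRUE
            elif key in WRITE_KEYS:
                read_only = value not in TRUE
        if not guest_ok:
            report[share] = "valid users only"
        elif not mapped:
            report[share] = "guest ok, but unknown users are rejected"
        else:
            mode = "read-only" if read_only else "writable"
            report[share] = f"unknown users get {mode} access as '{account}'"
    return report

# Constructed sample modelled on the effective smb.conf quoted in the reply.
SAMPLE = """[global]
security = user
[ww]
path=/usr/local/www/apache24
read only = no
public = yes
"""
```

A "writable" verdict reflects smb.conf only; the filesystem permissions on the share path still have to let the resulting account write.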
On 1/5/2020 1:20 AM, Rowland penny via samba wrote:
> Bottom posting is always preferred ;-)
>
> Your effective smb.conf is this:
>
> [global]
>    workgroup = workgroup
>    server string = Samba Server
>    security = user
>    server role = standalone server
>    log file = /usr/local/samba/var/log.%m
>    max log size = 50
>    dns proxy = no
>
> [homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
>
> [ww]
>  path=/usr/local/www/apache24
>  read only = no
>  public = yes
>
> It looks like you want the 'ww' share to be a guest share, 'public' is a
> synonym for 'guest ok'. However, guest access will never work, because
> you are missing 'map to guest = bad user' in global, but if you do set
> this, any new files and directories created will belong to
> 'nobody:nogroup'.
>
> You refer to connecting to the computer via SSH, this has nothing to do
> with Samba. If you are wishing to modify files in the share via Samba,
> then the underlying permissions set on /usr/local/www/apache24 will have
> to allow the user to do this.
>
> I think you need to describe what you want to do and how you want to do it.
>
> Rowland
>

I'll try some of your suggestions to see results. My point about ssh was
that: if I can't write to the apache24 folders as a local logged on user,
why does Samba allow it?

Really appreciate the input. Sometimes these issues are spread across
multiple competing configurations. Glad to be in the loop on Samba
issues, most certainly will learn observing issues.

Cheers
Bret