Rowland Penny
2024-Mar-30 09:15 UTC
[Samba] Linux Mint 21.3 client AD joined OK but no usb working
On Thu, 28 Mar 2024 19:25:33 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Thu, 28 Mar 2024 20:10:32 +0100 > Kees van Vloten via samba <samba at lists.samba.org> wrote: > > > A local daemon will use /etc/nsswitch.conf to lookup UIDs and > > Winbind can supply them. > > > > In addition I make (domain) users member of these local groups: > > > > audio,video,dialout,cdrom,floppy,lpadmin,plugdev,bluetooth,netdev,pulse-access,users > > > > Some users also want to be member of local-groups like: libvirt, > > kvm, docker, vboxusers > > > > You can do this with: usermod -a -G <group> <domain-user>, this > > mechanism works much better than pam_group (which does not work for > > this purpose). > > It worked for myself: > > SAMDOM\rowland at rpidc1:~ $ groups > domain users dialout cdrom floppy audio video plugdev scanner > BUILTIN\administrators BUILTIN\users domain admins denied rodc > password replication group rowland testgroup > > It just didn't help with the problem > > > > I do this when a domain-user logs in and the reverse when (s)he logs > > off with a script triggered by pam-session, a copy is already in the > > list archive somewhere. > > Perhaps running a script when a usb drive is inserted might be the way > forward, but I haven't given up on either udev or udisks2 being able > to set the correct ownership >After much searching on the internet, I have now given up on this, it has nothing to do with Samba and everything to do with udev and udisks2. When you insert a usb drive into a Linux computer, udev and udisks2 mount it on /media/USERNAME/USBDRIVENAME, it also mounts it as root:root with the permissions set to drwxr-xr-x, so only root can write to the drive, but everyone can traverse and read it. From what I can see, this cannot be automatically changed and will not be changed in code (he who is god, systemd wise, has spoken). Provided the drive is using a Linux filesystem (ext2 etc) then you can change the permissions with 'chown', but you would have to do this as root, any other filesystem, then I think you are stuck with what you are given. Rowland
Kees van Vloten
2024-Mar-30 09:57 UTC
[Samba] Linux Mint 21.3 client AD joined OK but no usb working
On 30-03-2024 10:15, Rowland Penny via samba wrote:> On Thu, 28 Mar 2024 19:25:33 +0000 > Rowland Penny via samba <samba at lists.samba.org> wrote: > >> On Thu, 28 Mar 2024 20:10:32 +0100 >> Kees van Vloten via samba <samba at lists.samba.org> wrote: >> >>> A local daemon will use /etc/nsswitch.conf to lookup UIDs and >>> Winbind can supply them. >>> >>> In addition I make (domain) users member of these local groups: >>> >>> audio,video,dialout,cdrom,floppy,lpadmin,plugdev,bluetooth,netdev,pulse-access,users >>> >>> Some users also want to be member of local-groups like: libvirt, >>> kvm, docker, vboxusers >>> >>> You can do this with: usermod -a -G <group> <domain-user>, this >>> mechanism works much better than pam_group (which does not work for >>> this purpose). >> It worked for myself: >> >> SAMDOM\rowland at rpidc1:~ $ groups >> domain users dialout cdrom floppy audio video plugdev scanner >> BUILTIN\administrators BUILTIN\users domain admins denied rodc >> password replication group rowland testgroup >> >> It just didn't help with the problem >>> I do this when a domain-user logs in and the reverse when (s)he logs >>> off with a script triggered by pam-session, a copy is already in the >>> list archive somewhere. >> Perhaps running a script when a usb drive is inserted might be the way >> forward, but I haven't given up on either udev or udisks2 being able >> to set the correct ownership >> > After much searching on the internet, I have now given up on this, it > has nothing to do with Samba and everything to do with udev and udisks2. > > When you insert a usb drive into a Linux computer, udev and udisks2 > mount it on /media/USERNAME/USBDRIVENAME, it also mounts it as > root:root with the permissions set to drwxr-xr-x, so only root can > write to the drive, but everyone can traverse and read it. > > From what I can see, this cannot be automatically changed and will not > be changed in code (he who is god, systemd wise, has spoken). > > Provided the drive is using a Linux filesystem (ext2 etc) then you can > change the permissions with 'chown', but you would have to do this as > root, any other filesystem, then I think you are stuck with what you > are given. > > RowlandYou must have something installed that does the auto-mounting for you. On my Bookworm machines that does not happen. On the desktop KDE asks me whether I want to mount it and I can choose not to. On the servers nothing happens, you have to mount it yourself. - Kees.
Douglas G. Oechsler
2024-Mar-30 13:22 UTC
[Samba] Linux Mint 21.3 client AD joined OK but no usb working
Hello!> >> After much searching on the internet, I have now given up on this, it > has nothing to do with Samba and everything to do with udev and udisks2. > > When you insert a usb drive into a Linux computer, udev and udisks2 > mount it on /media/USERNAME/USBDRIVENAME, it also mounts it as > root:root with the permissions set to drwxr-xr-x, so only root can > write to the drive, but everyone can traverse and read it. > > From what I can see, this cannot be automatically changed and will not > be changed in code (he who is god, systemd wise, has spoken). > > Provided the drive is using a Linux filesystem (ext2 etc) then you can > change the permissions with 'chown', but you would have to do this as > root, any other filesystem, then I think you are stuck with what you > are given. > > Rowland > >It's hard to put Linux machines in AD in this way. The users need access to your usb ports sometimes. Even linux machines not being member AD I can map file servers and users can work well and access usb ports. At this moment it works well. Thanks Douglas> -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- *Douglas Giovani Oechsler* e-mail: doguibnu at gmail.com <douglasgiovani at oechsler.com.br> *Prudent?polis - PR*
Possibly Parallel Threads
- Linux Mint 21.3 client AD joined OK but no usb working
- Linux Mint 21.3 client AD joined OK but no usb working
- Linux Mint 21.3 client AD joined OK but no usb working
- Linux Mint 21.3 client AD joined OK but no usb working
- Linux Mint 21.3 client AD joined OK but no usb working