Samba access-restrictions

James Wilkinson james at westexe.demon.co.uk
Mon Aug 30 10:20:15 UTC 2004


Roger Grosswiler wrote:
> I have a samba-server running with several users and each of them has
> its own directory on the server.

Sorry: I don't follow you. The server runs samba, and presumably is
Fedora. What about the clients? Are they Fedora, another Unix-like OS,
or Windows (or something else)?

> Also, I did
> some public-accessible directories. All user-directories work fine, but
> not the public-accessibles, which restricts write-access.
> 
> - generating the users in /etc/passwd and merging them in group samba
(On the server, presumably)
> - adding those users in /etc/samba/smbpasswd
> - adding the sections in /etc/samba/smb.conf:
> 
> [homes]
>    comment = Home Directories
>    path = /users/%U
>    guest ok = no
>    browseable = yes
>    writable = yes
>    create mask = 775
> 
> [public]
>    path = /public
>    public = yes
>    writable = yes
>    create mask = 775
> 
> - mounting the shares with a shell-script after a successful samba-login:
> sudo mount -t cifs -o credentials=/$HOME/.smb,rw,uid=$UID,gid=samba //server/$USER /home/$USER/winhome
> sudo mount -t cifs -o credentials=/$HOME/.smb,rw,uid=$UID,gid=samba //server/public /home/$USER/winpublic
 
This must be on the clients. (Please don't say you're trying that on the
server...)

So how do the clients' password and group files compare to the server's
files?

I understand that Samba and the kernel spot if there's suitable software
at either end of the link, and negotiate to keep more of the Unix
context.

Is there a samba group on the clients? Does it have the same GID? Are the
users listed as members of the samba group on the clients?

Are you using some sort of centralised user/password scheme? (NIS, LDAP,
Active Directory...)

You could try temporarily chmodding the public shares to 777, letting
a client write a file, and note the user, group, and permissions of
that file.

Hope this gives you something to think about,

James.

-- 
E-mail address: james | Whenever [Richard I] returned to England he always
@westexe.demon.co.uk  | set out again immediately for the Mediterranean and
                      | was therefore known as Richard Gare de Lyon.
                      |     -- '1066 and All That'
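
The comparison the reply asks for (is there a samba group on the client, with the same GID and the same members as on the server?), as an added example that is not part of the original message. The passwd/group text below is constructed sample data; in practice it would be the output of `getent passwd` and `getent group` collected on each host.

```python
# Constructed sample data (not from the thread): the two hosts disagree on
# the GID of "samba", on bob's UID, and on bob's membership.
SERVER_PASSWD = "alice:x:1001:1001::/users/alice:/bin/bash\nbob:x:1002:1002::/users/bob:/bin/bash\n"
SERVER_GROUP = "samba:x:1500:alice,bob\n"
CLIENT_PASSWD = "alice:x:1001:1001::/home/alice:/bin/bash\nbob:x:1005:1005::/home/bob:/bin/bash\n"
CLIENT_GROUP = "samba:x:1600:alice\n"


def parse(text):
    """Split passwd(5)/group(5) text into {name: fields}, skipping comments."""
    rows = (l.split(":") for l in text.splitlines() if l and not l.startswith("#"))
    return {f[0]: f for f in rows if len(f) >= 4}


def compare(group, srv_pw, srv_gr, cli_pw, cli_gr):
    """List client/server mismatches for one group and its listed members."""
    sp, sg, cp, cg = (parse(t) for t in (srv_pw, srv_gr, cli_pw, cli_gr))
    for side, table in (("server", sg), ("client", cg)):
        if group not in table:
            return [f"group {group} missing on {side}"]
    issues = []
    sgid, cgid = sg[group][2], cg[group][2]          # field 3 of group(5) is the GID
    if sgid != cgid:
        issues.append(f"GID of {group}: server {sgid}, client {cgid}")
    # Only members listed in the server's group line are checked.
    smem = sorted(m for m in sg[group][3].split(",") if m)
    cmem = set(cg[group][3].split(","))
    for user in smem:
        if user not in cp:
            issues.append(f"{user}: no account on client")
            continue
        suid = sp[user][2] if user in sp else "?"    # field 3 of passwd(5) is the UID
        if suid != cp[user][2]:
            issues.append(f"{user}: UID server {suid}, client {cp[user][2]}")
        # Membership counts if listed in the group line or via the primary GID.
        if user not in cmem and cp[user][3] != cgid:
            issues.append(f"{user}: not in {group} on client")
    return issues


if __name__ == "__main__":
    for issue in compare("samba", SERVER_PASSWD, SERVER_GROUP, CLIENT_PASSWD, CLIENT_GROUP):
        print(issue)
```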




