more samba woes
Ryan Duff
ryan at duff-duff.net
Sat Mar 6 02:54:53 UTC 2004
On Fri, 5 Mar 2004 14:55:47 -0700, Eric Diamond <eric at ediamond.net> wrote:
>
>
>> Friday, March 05, 2004 11:46 AM, Ryan Duff said...
>>
>> this is what the share looks like in my samba.conf file
>>
>> [music]
>> valid user = ryan
>> path = /mnt/music
>> create mode = 0777
>> directory mode = 777
>> browseable = yes
>> comment = music
>> writeable = yes
>>
>> encrypt passwords is set to yes and security is set to share
>>
>> there is also a homes share
>>
>> [homes]
>> comment = Home Directories
>> browseable = yes
>> writeable = yes
>>
>> The shares show up in network neighborhood but when I click on them it
>> tells me I don't have permission to access the share. My windows user
>> and password match my linux user/pass and samba user/pass. Any more
>> suggestions.
>
> Your share definitions look good, but you should change browsable to no in
> the homes definition. You should also change the security setting to user.
> Then make sure your directory permissions are set correctly.
>
> In user security mode, file and directory access are actually controlled by
> linux, not samba. There are ways to use samba to fool the OS and manage
> security itself, but I've found that's much more trouble than it's worth.
>
> Home directories should be owned by their respective users. The group should
> be the same as the user. Permissions should be 700 or rwx------.
>
> Your other share should also be owned by you and your group with the same
> permissions.
>
> Public shares should be owned by user nobody, a group of your own choosing
> (I usually use users) and you should make sure all smb users are included in
> that group. File permissions should be 777 or rwxrwxrwx.
>
> Group shares should have an appropriate user and group. I usually create a
> dummy user so I get both the user and the group, but you could just as
> easily make the owner nobody and create a special purpose group. Make sure
> the appropriate users are group members and then set the permissions to 770
> or rwxrwx---.
>
> Managing your access this way also means you don't need valid user lists in
> your share definitions. You can also manage the visibility of your shares.
> Users who don't have read and execute permissions on a shared directory won't
> see the share.
>
> (They may be able to get to it if they explicitly code its path, but if they
> don't have complementary permissions they won't be able to do anything with
> it. I'm still experimenting on making shares users don't have access to
> truly invisible to them while still allowing selective access. Watch this
> space, more on this later...)
>
> Eric Diamond
> eDiamond Networking & Security
> 303-246-9555
> eric at ediamond.net
>
>
>
I changed the security level to share and now my folder shows up, I'll
change browseable to no on the homes share b/c I don't need to see that but
I guess I need to check my permissions on my music folder because it still
won't let me access that. I think I'm on the right track tho.
I just tried a chown -R ryan music and it told me operation not permitted.
I was logged in as root and it says the owner and group are root. Any
suggestions on that one?
Thanks for the help.
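
A check for the ownership and mode scheme described in the quoted reply (700 for private shares, 770 for group shares, 777 for public ones), added here as an example and not part of the original thread. The `plan` mapping of share to kind and owner, the share names `team` and `gone`, and the temporary directories are assumptions constructed for the example; smb.conf itself has no such field.

```python
import configparser, os, pwd, tempfile

EXPECTED = {"private": 0o700, "group": 0o770, "public": 0o777}  # modes from the reply

def owner_name(uid):
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:  # uid without a passwd entry
        return str(uid)

def share_paths(conf_text):
    """Map share name -> path for each smb.conf section that sets a path."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, allow_no_value=True)
    cp.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    return {s: cp[s]["path"] for s in cp.sections() if cp[s].get("path")}

def audit(conf_text, plan):
    """plan (hypothetical, kept outside smb.conf): share -> (kind, owner)."""
    findings = []
    for share, path in share_paths(conf_text).items():
        if share not in plan:
            findings.append((share, "no intended kind/owner recorded"))
            continue
        kind, owner = plan[share]
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append((share, f"cannot stat {path}: {exc.strerror}"))
            continue
        mode = st.st_mode & 0o777  # permission bits only
        if mode != EXPECTED[kind]:
            findings.append((share, f"mode {mode:03o}, expected {EXPECTED[kind]:03o}"))
        if owner_name(st.st_uid) != owner:
            findings.append((share, f"owner {owner_name(st.st_uid)}, expected {owner}"))
    return findings

def demo():
    """Constructed sample: a correct private share, a too-open group share, a missing path."""
    me = owner_name(os.getuid())
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("music", 0o700), ("team", 0o777)):
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)
        conf = "".join(f"[{n}]\npath = {root}/{n}\n" for n in ("music", "team", "gone"))
        plan = {"music": ("private", me), "team": ("group", me), "gone": ("public", "nobody")}
        return audit(conf, plan)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```
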