Samba Permissions

Elvis elvislives at gmx.net
Thu Nov 11 17:37:58 UTC 2004


Stormblaze wrote:
> On Thu, 11 Nov 2004 16:07:06 +0000, Elvis <elvislives at gmx.net> wrote:
> 
>>Stormblaze wrote:
>>
>>
>>
>>>On Thu, 11 Nov 2004 16:12:12 +0100, shrek-m at gmx.de <shrek-m at gmx.de> wrote:
>>>
>>>
>>>>Stormblaze wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>Ok, Samba is up and running. I can see the share I set up. However, I
>>>>>can not write to it. What I'd like to have is for the default to be
>>>>>read only and allow only certain users to write to it. So I set the
>>>>>read only property to yes then I supplied users for write and admin
>>>>>privileges. I log into my XP box as administrator and map to the
>>>>>share but I still can't write to it.
>>>>>
>>>>>I tried turning the read only setting off and still could not write to
>>>>>it. Any help? Here's my current smb.conf.
>>>>>
>>>>># Samba config file created using SWAT
>>>>># from 127.0.0.1 (127.0.0.1)
>>>>># Date: 2004/11/11 09:35:39
>>>>>
>>>>># Global parameters
>>>>>[global]
>>>>>     server string = Linux Server
>>>>>     interfaces = eth1
>>>>>     security = SHARE
>>>>>     preferred master = Yes
>>>>>     ldap ssl = no
>>>>>
>>>>>[Data]
>>>>>     path = /Data
>>>>>     admin users = root, admin, administrator
>>>>>     write list = root, admin, administrator
>>>>>     guest ok = Yes
>>>>>
>>>>>
>>>>
>>>># ll /Data
>>>>
>>>>$ man smb.conf
>>>>
>>>>writable = yes
>>>>or
>>>>writeable = yes
>>>>both should be ok.
>>>
>>>
>>>Tried that. Those two are synonyms for the read only attribute. I
>>>tried setting the share attribute read only to no. I still couldn't
>>>write to it.
>>>
>>>
>>>
>>>>valid users = mary fred
>>>
>>>
>>>I set guest ok to yes. Shouldn't this allow any users on? I'm doing
>>>this for testing right now. Is it possible that my XP box is
>>>remembering the settings for that share from the first time it logged
>>>in?
>>>
>>>What I do is I change the settings. I restart both smbd and nmbd. I
>>>disconnect the drive that is mapped to the share. I re-connect and
>>>try.
>>>
>>>
>>>
>>>>check your settings with
>>>># testparm
>>>>
>>>>--
>>>>shrek-m
>>>>
>>>>
>>>
>>>
>>>
>>Have you tried chmod 777 /Data ? Or if you are using ACLs, setfacl -m
>>g:groupnameallowedtowrite:rwx /Data
>>
> 
> 
> You know, I was gonna reply and say that I'd already done the
> equivalent but when I checked I saw that I hadn't. Apparently chmod
> has changed a bit. I remember being able to do a chmod +w and it would
> set the write bit for user group and other. It was a shortcut way of
> doing chmod ugo+w but apparently now it's only a shortcut for chmod
> u+w.
> 
> Anyway, I'd done a ls -ld on it and thought I'd set the write bit but
> I hadn't. Soon as I set the write bit for group and other  (Read
> execute was already done) , disconnected and re-connected now it
> works.
> 
> But now I have another question. If I open it up to rwx for everyone
> then any local user could mess with it. The permissions that it had
> were what they needed to be for local users. The directory is owned by
> root and part of the root group. root had rwx permission and everyone
> else had only read and execute permission:
> 
> drwxr-xr-x  4 root root 4096 Nov 11 11:36 /Data
> 
> So since we know it's a permission thing how can I keep this directory
> read only for everyone including local users and allow only root or
> administrator over samba to write to it?
Looks like you need to use ACLs - this is quite easy. First, check if 
you have support for ACLs (I'm not 100% sure, but pretty sure it's in kernel >= 2.6):
mount /whateverdiskitsmountedon -o remount,acl
If this works, you are in business! - edit your /etc/fstab file and put 
acl in the options.
It does not matter if you have only one partition, mount it with acl. If 
you used the default ext3 filesystem then you will almost certainly have 
acl support.

Next you need to give access to various people:
chown youruser /dirforsamba
setfacl -m u:username:rwx /your/dir
setfacl -m u:root:rwx /your/dir

Have a google for setfacl and getfacl - check the man pages as well, it's 
very useful.

If you put `nt acl support = yes` in Samba, you can now edit the ACLs 
through Windows as well (as long as you have write permission)

Hope that helped
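
An added example, not part of the original post: a check to run after the setfacl step that reads `getfacl` output and lists the ACL entries with effective write access, taking the ACL mask into account (a later chmod on the directory can lower the mask and silently remove a named user's write access). The account name smbadmin and the sample ACL text are constructed for illustration.

```shell
#!/bin/sh
# Added example: list which ACL entries grant *effective* write access.
# Reads getfacl text on stdin, e.g.:  getfacl -p /Data | acl_writers
# Named users, the owning group and named groups are limited by the mask;
# the owning user (user::) and other:: are not.
acl_writers() {
    awk -F: '
        /^#/ || NF < 3   { next }          # header comments and blank lines
        $1 == "default"  { next }          # default (inherited) entries
        {
            perms = $3
            sub(/[ \t].*/, "", perms)      # drop a trailing "#effective:..." note
            tag[++n] = $1; who[n] = $2; perm[n] = perms
            if ($1 == "mask") mask = perms
        }
        END {
            for (i = 1; i <= n; i++) {
                if (tag[i] == "mask" || perm[i] !~ /w/) continue
                masked = !((tag[i] == "user" && who[i] == "") || tag[i] == "other")
                if (masked && mask != "" && mask !~ /w/) continue
                print tag[i] ":" who[i]    # "user:" with no name is the owner
            }
        }'
}

# Constructed sample: /Data owned by root:root, mode 755, after
#   setfacl -m u:smbadmin:rwx /Data      (smbadmin is a hypothetical account)
sample_acl() {
    cat <<'EOF'
# file: /Data
# owner: root
# group: root
user::rwx
user:smbadmin:rwx
group::r-x
mask::rwx
other::r-x
EOF
}

# Only the owner and smbadmin should be listed; local users in "other"
# keep read and execute access without write.
sample_acl | acl_writers
```

If the mask line reads `mask::r-x`, smbadmin disappears from the list even though its entry still says rwx.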



