SMB Permissions

David Frascone dave at frascone.com
Tue Jul 31 20:19:59 UTC 2007 

So -- now that we're on the subject -- what about domain controller stuff?
Is it worth messing with?

Or, should I just leave it at a few shares?  Seems like more trouble w/o any
(or much) benefit.  Although, I'd sure like the shares to get auto-mounted.



On 7/31/07, Mikkel L. Ellertson <mikkel at infinity-ltd.com> wrote:
>
> David Frascone wrote:
> >
> > I have been running samba for some time, but I can't seem to get
> > permissions right for the following:
> >
> > My file server has two users, me and my wife.  I'd like to make 3
> > shares, plus a home directory:
> >
> > /media (rw to me and my wife, ro for guests)
> > /public (rw to me and my wife, ro for guests)
> > /private (rw to me and my wife, no other access)
> >
> > And, normal (rw) to owners of /home/USER.
> >
> > However, I run into tons of permissions problems when I create a file,
> > and she reads it, and vice versa.
> >
> > So, the actual questions:
> >
> > 1) How do I implement a "guest" account?  Make a third account?
> > 2) Is there any way to have both accounts (mine and my wife) create
> > files with permissions 777 when we write to shared space, but normal
> > permissions (700) when we write to our home directories?
> >
> > Guess that's about it.  Thanks in advance,
> >
> >
> 1: The guest account is mapped to user nobody by default. I usualy
> create a user pcguest and mape guest to that. I give that user a
> group that will be able to read the files Samba is going to share.
> You have to be carefull, because even if Samba gives access, the
> user and group IDs used still have to have permission to access the
> files. (You can use force user and force group to get around this.)
> Samba access permissions are normally on top of the file system
> permissions.
>
> # Uncomment this if you want a guest account, you must add this to
> /etc/passwd
> # otherwise the user "nobody" is used
>   guest account = pcguest
>
> 2: You can control the permissions used by Samba on any share.
> Running man smb.conf will show you all the different options for the
> shares. The force create mode and force directory mode are probably
> the options you want.
>
> Another way to share files is to directory owned samba works, and
> use force user = samba on the share so that all files/directories
> will be owned by samba. You can then use the write list = to limit
> writing to you and your wife. The disadvantages to this is that you
> will not be able to tell when create the file/directory without
> looking at the Samba logs, and you may not be able to access then
> with your normal account when logged into the machine...
>
> Mikkel
> --
>
>   Do not meddle in the affairs of dragons,
> for thou art crunchy and taste good with Ketchup!
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
>


-- 
David Frascone

Tumbleweed: Colorado Tribble.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20070731/6dcdfd53/attachment-0001.htm>

More information about the fedora-list mailing list