[Samba] replacing a w2k machine with samba 2.2.7a

Alex Kramarov alex at incredimail.com
Mon Jan 6 17:14:01 GMT 2003


Hi.

First, I would like to thank the samba developers for producing such a good product. Second, I have a few questions/remarks:

I have recently replaced a w2k file server running in a w2k domain (native mode) with samba 2.2.7a on RH 7.3 with the latest kernel, no acl, configured winbind, and ran into the problem described here:

http://lists.samba.org/pipermail/samba-technical/2001-October/032017.html

It would be helpful if this info made its way into the winbind.html in the doc directory of the samba distribution - I wasted an hour tracking it down, and other people may just give up on it before finding the solution.

After configuring everything, my samba server has been running for 2 weeks already, without any major problems. I have a few minor problems though:

Generally, this server holds a few shares for several different groups in my organization. Each share is writable for members of that group, and readable for the rest. This is accomplished by the following setup (a snippet from my smb.conf regarding the "_creative" share):

[global]
     workgroup = MyOrg
     winbind separator = +
     winbind uid = 10000-20000
     winbind gid = 10000-20000
     winbind enum users = yes
     winbind enum groups = yes
     template homedir = /mnt/usersdata/_users/%U
     security = domain
     encrypt passwords = yes
     dos filemode = yes
#     security mask = 0000
[_Creative]
   comment = Creative division
   path = /mnt/gendata/_creative
   read only = no
   create mode = 664
   directory mode = 775
   force security mode = 664
   force group = +MyOrg+Creative
   write list = @MyOrg+Creative

All files written to the share are mode 664, and directories are 775.

There is a problem though: when an owner of a file sets the file read only, no one except him can remove the read only attribute, since the file becomes 444. I tried dos filemode - it is not much help. Is there a solution for this? The problem is escalated by people copying many read only files into the share (like pictures from a cd), and other users can't remove the read only attribute.

Trying to solve the problem, I have tried to set "security mask = 0000" - but this was completely not helpful, setting files read only still worked. Another problem was uncovered with this line - for some reason, people working in m$ Word (yacccs) were not able to save their documents while working on the samba share - for some reason during the save operation the file got the 000 permission, and of course nothing else could be done with the file until I fixed the problem by chmod 664 of the file.

NT has the option to grant write control to a share, and full control. I would really like to make these shares only write accessible, and all attribute changes would not be propagated to the files themselves - I don't mind that a person will not be able to set a file read only. All I want is for all my files to have the permission I set in create mode, whatever the user tries to do to it.

I have read the entire smb.conf documentation, and didn't find anything that could help me. Am I missing something? Am I looking at it from the wrong direction?

Right now the only solution I have is a cron job run daily that runs find on all shared directories and changes permissions of all files to the default, and of course, this is not much of a solution...

An additional question I have is as follows: I want to provide a group of my users with a home directory, but not all of them - some users are administrative users only, and they don't need home dirs. I have started with something like this:

[homes]
   comment = Home Directories
   path = /mnt/usersdata/_users/%S
   browseable = no
   writable = yes
   valid users = MyOrg+alex MyOrg+alon MyOrg+ariela 
   create mode = 0644
   directory mode = 0755

These users get their directories fine, but those users who are not in valid users (and I don't want to provide them with home directories) still see a share of a home directory on that server (of course they can't connect to it, since it doesn't exist on the HD). What would be a better way to do this?

Thank you.

Alex.
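
The daily cron workaround described in the message above, sketched as an added example that is not part of the original post: it resets any file or directory under a share root that has drifted from the 664/775 modes the share is configured for, and prints each path it touched so the drift can be reviewed. The function name normalize_share and its arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original message): undo permission drift
# under a Samba share tree, e.g. files turned 444 by the DOS read-only bit.
#
# normalize_share ROOT [FILE_MODE] [DIR_MODE]
#   Prints one line per entry whose mode was reset.
#   Returns 1 if ROOT is not a directory.
normalize_share() {
    root=$1
    file_mode=${2:-664}   # matches "create mode = 664" on the page
    dir_mode=${3:-775}    # matches "directory mode = 775" on the page

    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }

    # Directories first, one chmod per hit (\; rather than +), so a
    # directory is repaired before find descends into it.
    # -type d / -type f never match symlinks, so links pointing outside
    # the share are not followed and their targets are left alone.
    find "$root" -type d ! -perm "$dir_mode" \
        -print -exec chmod "$dir_mode" {} \;
    find "$root" -type f ! -perm "$file_mode" \
        -print -exec chmod "$file_mode" {} \;
}

# Example cron use, with the share path from the smb.conf above:
#   normalize_share /mnt/gendata/_creative | logger -t share-perms
```

Logging the printed paths instead of discarding them shows which files keep being set read only and how often.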