[Samba] PDC directory permission fail

Bino Oetomo bino at indoakses-online.com
Tue Jan 5 18:51:33 MST 2010


Dear Serg and All
Сергей wrote:
> Hello, Bino!
>
>   
>> I use webmin to do the samba PDC configuration
>>     
> IMHO, insufficient
>   
Agree ...
I did some direct edits to the conf file

>> [warehouse]
>>         comment = Files of warehouse
>>         writeable = yes
>>         path = /hdd2/samba/groupfiles/warehouse
>>
>> when I create that share via webmin i use option :
>> a. mode : 775
>> b. Create user : Root
>> c. Create Group : warehouse.
>>
>> 4. From my XP station, I log in to that domain with user name "wh01", 
>> the result is :
>> a. Successful login
>> b. wh01 can create a file in the home directory (/home/wh01)
>>     
>
>   
>> But, wh01 can not write file to share "warehouse"
>>     
> Which permission on the new file? Maybe 644? :)
> IMHO, the user has the right to write to the directory, but does not have the right to write to the file.
> Look at man smb.conf for "force create mode", "force directory mode" or http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permissions
>
>   

Thank you for your enlightenment

I read that documentation, but I don't want the user to be able to execute 
things in the directory
So I changed the share to :
[warehouse]
    create mode = 660
    path = /hdd2/samba/groupfiles/warehouse
    directory mode = 660
    force group = warehouse

(and the directory is auto created with user:group as root:warehouse)

Still the user with group "warehouse" can not access (even just "open") 
the directory

so I try to delete the share ... manually remove the dir, and re-create 
the share (and dir) with :
[warehouse]
    create mode = 760
    path = /hdd2/samba/groupfiles/warehouse
    directory mode = 760
    force group = warehouse

Still the user with group "warehouse" can not access (even just "open") 
the directory

Again, I try to delete the share ... manually remove the dir, and 
re-create the share (and dir) with :
[warehouse]
    create mode = 770
    path = /hdd2/samba/groupfiles/warehouse
    directory mode = 770
    force group = warehouse


And ... voila ... the user can access (read-write) into the shares ...
But it'll mean that the user can also "execute" something inside the 
directory ... right ?

Why do we need the "execute" bit in the directory permission just to let the 
user "read and write only" ?

Just fyi, my system is based on :
++ Ubuntu Jaunty
++ Samba 3.32

Sincerely
-bino-
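
The three directory modes tried in the message above (660, 760, 770), evaluated for a member of group "warehouse". This is an added example, not part of the original post. It models only the classic POSIX mode bits (no ACLs, caller is not root), and the uid/gid numbers are constructed. On a directory the x bit is search permission (enter it and reach entries inside), which is separate from the x bit on the files stored there.

```python
# Model of the classic POSIX mode-bit check (no ACLs, caller is not root).
WAREHOUSE_GID = 1001                  # constructed gid for group "warehouse"
WH01 = {"uid": 1000, "gids": {1000, WAREHOUSE_GID}}   # constructed ids for wh01
ROOT_UID = 0

def class_bits(mode, user, owner_uid, owner_gid):
    """Return the single rwx triplet that applies: owner, else group, else other."""
    if user["uid"] == owner_uid:
        return (mode >> 6) & 0o7
    if owner_gid in user["gids"]:
        return (mode >> 3) & 0o7
    return mode & 0o7

def dir_access(mode, user, owner_uid=ROOT_UID, owner_gid=WAREHOUSE_GID):
    """What r, w and x mean on a directory (owned root:warehouse as in the post)."""
    bits = class_bits(mode, user, owner_uid, owner_gid)
    r, w, x = bool(bits & 4), bool(bits & 2), bool(bits & 1)
    return {
        "list_names": r,             # read the list of entry names
        "traverse": x,               # cd into it, open or stat anything inside
        "create_delete": w and x,    # adding or removing entries needs both
    }

def file_access(mode, user, owner_uid, owner_gid=WAREHOUSE_GID):
    """What r, w and x mean on a regular file."""
    bits = class_bits(mode, user, owner_uid, owner_gid)
    return {"read": bool(bits & 4), "write": bool(bits & 2),
            "execute": bool(bits & 1)}

def report():
    """Evaluate the three directory modes from the post for wh01."""
    rows = {f"dir {m:04o}": dir_access(m, WH01) for m in (0o660, 0o760, 0o770)}
    # A file in the share owned by another (constructed) uid 1002, mode 0660.
    rows["file 0660"] = file_access(0o660, WH01, owner_uid=1002)
    return rows

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

In this model a 0770 directory holding 0660 files gives group members read and write access with no executable files.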

