[Samba] PDC directory permission fail
Bino Oetomo
bino at indoakses-online.com
Tue Jan 5 18:51:33 MST 2010
Dear Serg and All
Сергей wrote:
> Hello, Bino!
>
>
>> I use webmin to do the samba PDC configuration
>>
> IMHO, insuffisient
>
Agree ...
I did some direct edit to conf file
>> [warehouse]
>> comment = Files of warehouse
>> writeable = yes
>> path = /hdd2/samba/groupfiles/warehouse
>>
>> when I create that share via webmin i use option :
>> a. mode : 775
>> b. Create user : Root
>> c. Create Group : warehouse.
>>
>> 4. From my XP station , I login to that domain with user name "wh01",
>> the results is :
>> a. Successfull login
>> b. wh01 can create a file in the home directory (/home/wh01)
>>
>
>
>> But, wh01 can not write file to share "warehouse"
>>
> Which permission to the new file? May be 644? :)
> IMHO, user have right to write directory, but have not right to write file.
> Look man smb.conf for "force create mode", "force directory mode" or http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permissions
>
>
Thankyou for your enlightment
I read that documentation, but I don't want uuser to be able to execute
things in directory
So I chage the share to :
[warehouse]
create mode = 660
path = /hdd2/samba/groupfiles/warehouse
directory mode = 660
force group = warehouse
(and the dircory is auto created with user:group as root:warehouse)
Still the user with group "warehouse" can not access (event just "open")
the directory
so I try to delete the share ... manualy remove the dir , and re create
the share (and dir) with :
[warehouse]
create mode = 760
path = /hdd2/samba/groupfiles/warehouse
directory mode = 760
force group = warehouse
Still the user with group "warehouse" can not access (event just "open")
the directory
Again, I try to delete the share ... manualy remove the dir , and re
create the share (and dir) with :
[warehouse]
create mode = 770
path = /hdd2/samba/groupfiles/warehouse
directory mode = 770
force group = warehouse
And ... voila ... the user can access (read-write) into the shares ...
But it'll means that the user can also "execute" somethings inside
directory ... right ?
Why we need the "execute" bit in directory permission just to let the
user to "read and write only" ?
Just fyi, my system is based on :
++ Ubuntu Jaunty
++ Samba 3.32
Sincerely
-bino-
More information about the samba
mailing list