[Samba] Help pls. -- Samba permission question

Wed Dec 12 15:18:45 MST 2012

On 12-12-12 12:52 PM, Gary Dale wrote:
> On 12/12/12 02:07 PM, J Gao wrote:
>> Thank you Gary  for the help.
>>
>>
>> On 12-12-12 09:45 AM, Gary Dale wrote:
>>> If you want the CIFS permissions to be set correctly, use the Samba/CIFS
>>> tools to set them (ie. set them from the client. Don't set them using
>>> Unix permissions on the server).
>>
>> I don't know if I'm doing it correct. I'm using a bash script to help
>> user mount the CIFS share like this:
>>
>> sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management
>> -o user=${USER},password=$userPass,uid=$UID,rw,mand
>>
>> Could you give me an example on using Samba/CIFS tools?
> That line mounts the share using the credentials you gave it but that
> doesn't set the permissions. If you right-click on the share's folder,
> you should be able to set the CIFS permissions.
>
>

OK, right-click in natilus works. But how can I set this up by default. 
I mean once the share mounted, it will set the correct permission to 770 
if the user copy files on the share?

I read man page for the cifs.mount but I couldn't figure it out myself.

Here are more info:
1. The management group has gid=1018 on the server.
2. Once the share mounted on the Ubuntu client, the share's group ID set 
to numeric 1018. (there isn't a local gid 1018)
3. When copy a file, for example:
-rwxr--r--  1 gao gao    14429 Nov 20 09:56 test
to the mounted share, the permission appears to be:
-rwxrwxr--  1 gao 1018      14429 Nov 20 09:56 test
And I check it on the Samba server:
-rwxrwxr--  1 gao management      14429 Nov 20 09:56 test
So the permission changed to 774, not 770. I think somehow it combined 
the permission here.
Just like you said, I can change it to 770 from the right-click. But I 
prefer to do it automatically.

Please help.

Thanks a lot.

Gao

>>
>>
>>
>>>
>>> Your example shows you setting the group to managegroup but your
>>> smb.conf forces the group to management. Which is it?
>>
>> my typo. I want make clear so I change the group name to managegroup.
>> The actual group name it the same "managment" which I think may cause
>> confusion when I post my question. Sorry.
>>
>> Bets Regards.
>>
>> Gao
> So is your user a member of management? Rather than forcing the group to
> management, you could just add members to the group.
>
> Also, when you set the Unix ownership and permissions too tightly, you
> may prevent Samba from accessing the share properly. Since the share
> directories and files are to be accessed only through CIFS/Samba, the
> Unix permissions can and should be very loose. My shares all have Unix
> permissions with everyone having rwx access.
>
>
>>
>>
>>>
>>> The last line in your server commands I believe should be chmod, not
>>> chowm.
>>>
>>>
>>> On 12/12/12 12:21 PM, J Gao wrote:
>>>> Hi, All,
>>>>
>>>> I'm having a problem with my samba server(v3.6.9) setup. I have a
>>>> share on the server:
>>>>
>>>> #cd /
>>>> #mkdir managment
>>>> #chown -R root:managegroup management
>>>> #chowm -R 2770 management
>>>>
>>>> When I test this I found out:
>>>> the managegroup member can create new file/dir with the correct
>>>> permission: -rwxrws--- or drwxrws---
>>>>
>>>> BUT, when the client copy a file or dir to the share from his local
>>>> drive, then some file/dir will have different the permission when it
>>>> coiped to the Samba share. (for example, drwxrwxr-x)
>>>>
>>>> We have both Windows and Ubuntu client. Ubuntu client use cifs.mount
>>>> to access the Samba share.
>>>>
>>>> Here is my smb.conf file. Please help me. All I want is when and file
>>>> and/or dir end up on the samba share, it should have 770 permission.
>>>>
>>>> Thanks.
>>>>
>>>> Gao
>>>>
>>>>
>>>> my smb.conf:
>>>> ============================================
>>>> [global]
>>>>         workgroup = WORKGROUP
>>>>         server string = My File Server
>>>>         interfaces = lo bond0 192.168.1.2/24
>>>>         hosts allow = 127. 192.168.1.
>>>>         log file = /var/log/samba/log.%m
>>>>         max log size = 1000
>>>>         security = user
>>>>         passdb backend = tdbsam
>>>>         guest account = nobody
>>>>         map to guest = Bad User
>>>>         wins support = yes
>>>>         dns proxy = no
>>>>         map acl inherit = yes
>>>>         nt acl support = yes
>>>>         load printers = no
>>>>         printing = bsd
>>>>         printcap name = /dev/null
>>>>         disable spoolss = yes
>>>>         create mask = 0770
>>>>         force security mode = 0770
>>>>         force create mode = 0770
>>>>         directory mask = 0770
>>>>         force directory mode = 0770
>>>>
>>>> [Management]
>>>>     comment =
>>>>         path = /management
>>>>         browsable = yes
>>>>         public = no
>>>>         writable = yes
>>>>         read only = no
>>>>         force group = management
>>>>         valid users = @management
>>>>
>>>> ========================================
>>>>
>>>
>>
>>
>

-- 