user/group verification

Con Harte con at gfm.co.uk
Tue Nov 27 05:49:06 GMT 2001


Hi.

I have been running a Samba server as PDC for sometime now, and recently
upgraded from 2.2.1a to 2.2.2 (on a RedHat Linux 7.1 system)

I had a share which had permissions allowing group "telecoms" read and write
access, owned by "root", and denying access to anyone (other than root) not
in the "telecoms" group.

There are no users whose primary group is "telecoms", but there are three
users that have this group set as a secondary group.

This setup used to allow anyone that was a member of the telecoms group to
read the contents of this share/directory and its files, as well as write
to them.

Now they can only read -- All write permission is revoked, I am not certain
whether it worked after upgrading, but since that is just about the only
change I am sure that it has not worked since the upgrade.

Can anyone tell me how I might achieve my goal? (of allowing write permission
for a group when the relevant user is a member of that group, but it isn't
their primary group)

The pertinent data follows:-
---
/etc/group file contains:
pcusers:x:1000:
telecoms:x:1002:conh,rob,sam,ccm
---
/etc/passwd file contains:
rob:x:1003:1000:rob (PC User):/home/samba/pcusers/rob:/bin/false
sam:x:1006:1000:sam (PC User):/home/samba/pcusers/sam:/bin/false
---
directory permissions:
drwxrwx---    3 root     telecoms     4096 Nov  1 14:39 Call Reports/
---
smb.conf contains:
[global]
         workgroup = GFMNET
         netbios name = GFMNET01
         server string = Primary Domain Controller
         encrypt passwords = Yes
         log file = /var/log/samba/log.%m
         max log size = 50
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         logon script = %u.bat
         logon path = \\GFMNET01\profiles\%U
         logon drive = M:
         logon home = \\GFMNET01\%U
         domain logons = Yes
         os level = 64
         preferred master = True
         domain master = True
         dns proxy = No
         wins support = Yes

[printers]
         comment = All Printers
         path = /var/spool/samba
         printable = Yes
         browseable = No

[homes]
         comment = Home Directory
         guest ok = no
         valid users = @pcusers
         read only = No
         browseable = No

[NETLOGON]
         path = /home/samba/netlogon

[profiles]
         path = /home/samba/profiles
         read only = No
         create mask = 0600
         directory mask = 0700

[Call Reports]
         comment = Telephone Stats Call Reports
         create mask = 0660
         path = /home/samba/Call Reports

[Call Centre]
         comment = Call Centre Management
         create mask = 0660
         path = /home/samba/Call Centre
---

Thanks,

Con.





More information about the samba-ntdom mailing list