user/group verification
Con Harte
con at gfm.co.uk
Tue Nov 27 05:49:06 GMT 2001
Hi.
I have been running a Samba server as PDC for sometime now, and recently
upgraded from 2.2.1a to 2.2.2 (on a RedHat Linux 7.1 system)
I had a share which had permissions allowing group "telecoms" read and write
access, owned by "root", and denying access to anyone (other than root) not
in the "telecoms" group.
There are no users whose primary group is "telecoms", but there are three
users that have this group set as a secondary group.
This setup used to allow anyone that was a member of the telecoms group to
read the contents of this share/directory and its files, as well as write
to them.
Now they can only read -- All write permission is revoked, I am not certain
whether it worked after upgrading, but since that is just about the only
change I am sure that it has not worked since the upgrade.
Can anyone tell me how I might achieve my goal? (of allowing write permission
for a group when the relevant user is a member of that group, but it isn't
their primary group)
The pertinent data follows:-
---
/etc/group file contains:
pcusers:x:1000:
telecoms:x:1002:conh,rob,sam,ccm
---
/etc/passwd file contains:
rob:x:1003:1000:rob (PC User):/home/samba/pcusers/rob:/bin/false
sam:x:1006:1000:sam (PC User):/home/samba/pcusers/sam:/bin/false
---
directory permissions:
drwxrwx--- 3 root telecoms 4096 Nov 1 14:39 Call Reports/
---
smb.conf contains:
[global]
workgroup = GFMNET
netbios name = GFMNET01
server string = Primary Domain Controller
encrypt passwords = Yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = %u.bat
logon path = \\GFMNET01\profiles\%U
logon drive = M:
logon home = \\GFMNET01\%U
domain logons = Yes
os level = 64
preferred master = True
domain master = True
dns proxy = No
wins support = Yes
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[homes]
comment = Home Directory
guest ok = no
valid users = @pcusers
read only = No
browseable = No
[NETLOGON]
path = /home/samba/netlogon
[profiles]
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
[Call Reports]
comment = Telephone Stats Call Reports
create mask = 0660
path = /home/samba/Call Reports
[Call Centre]
comment = Call Centre Management
create mask = 0660
path = /home/samba/Call Centre
---
Thanks,
Con.
More information about the samba-ntdom
mailing list