Samba security setting question

David Collier-Brown davec-b at rogers.com
Mon Jan 5 19:54:20 GMT 2009


That's normal Unix behavior:  I can change directory to anyone's directory,
and, if and only if they permit me to, read and write their files. 

The default is to let anyone read but no-one write (chmod 755
directory), while
people assigned to work in groups may choose to let fellow group members
both read and write (chmod 775).

For schools, I usually put students in one group, teachers in another and
change the default to allow people in the same group to read, but prohibit
people not in the group (called "other" users) from either reading or
writing.
(chmod 750)

Directories for handing in student work should be writable by students,
but not
readable by them, and "sticky" to prevent one student from overwriting
another's file.
(chgrp students; chmod 730; chmod g+s)

--dave

John Sun wrote:
> Hi,
>
> I am working on a Samba server over Redhat Linux. It was successfully joined a Windows Active Directory Domain, and all users authentication were controlled well by a LDAP server.
>
> However, my problems are:
>
> (1) After a user connect to the Samba share, the user can open others' share without prompting username and password. By the way the security setting in samba.conf is "ADS"
> (2) I can't stop local user accounts, apache, noboby to get on the Samba server.
>
> Here is part of samba.conf file:
>
> # Security mode. Most people will want user level security. See
> # security_level.txt for details.
>         security = ADS
> # Use password server option only with security = server
> ;   password server = <NT-Server-Name>
>
> PLEASE HELP!
>
> Looking forward to your earliest reply.
>
> John
>
>   


-- 
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net           |                      -- Mark Twain
(416) 223-8968



More information about the samba-technical mailing list