Samba security setting question
George Liu
George.Liu at noaa.gov
Mon Jan 5 21:37:41 GMT 2009
David Collier-Brown wrote:
> That's normal Unix behavior: I can change directory to anyone's directory,
> and, if and only if they permit me to, read and write their files.
>
> The default is to let anyone read but no-one write (chmod 755
> directory), while
> people assigned to work in groups may choose to let fellow group members
> both read and write (chmod 775).
>
> For schools, I usually put students in one group, teachers in another and
> change the default to allow people in the same group to read, but prohibit
> people not in the group (called "other" users) from either reading or
> writing.
> (chmod 750)
>
> Directories for handing in student work should be writable by students,
> but not
> readable by them, and "sticky" to prevent one student from overwriting
> another's file.
> (chgrp students; chmod 730; chmod g+s)
>
>
I believe you mean "chmod +t". :-)
--George
> --dave
>
> John Sun wrote:
>
>> Hi,
>>
>> I am working on a Samba server over Redhat Linux. It was successfully joined a Windows Active Directory Domain, and all users authentication were controlled well by a LDAP server.
>>
>> However, my problems are:
>>
>> (1) After a user connect to the Samba share, the user can open others' share without prompting username and password. By the way the security setting in samba.conf is "ADS"
>> (2) I can't stop local user accounts, apache, noboby to get on the Samba server.
>>
>> Here is part of samba.conf file:
>>
>> # Security mode. Most people will want user level security. See
>> # security_level.txt for details.
>> security = ADS
>> # Use password server option only with security = server
>> ; password server = <NT-Server-Name>
>>
>> PLEASE HELP!
>>
>> Looking forward to your earliest reply.
>>
>> John
>>
>>
>>
>
>
>
More information about the samba-technical
mailing list