Samba security setting question

David Collier-Brown davecb at sun.com
Wed Jan 7 16:13:40 GMT 2009 

George Liu wrote:
> David Collier-Brown wrote:
>   
>> That's normal Unix behavior:  I can change directory to anyone's directory,
>> and, if and only if they permit me to, read and write their files. 
>>
>> The default is to let anyone read but no-one write (chmod 755
>> directory), while
>> people assigned to work in groups may choose to let fellow group members
>> both read and write (chmod 775).
>>
>> For schools, I usually put students in one group, teachers in another and
>> change the default to allow people in the same group to read, but prohibit
>> people not in the group (called "other" users) from either reading or
>> writing.
>> (chmod 750)
>>
>> Directories for handing in student work should be writable by students,
>> but not
>> readable by them, and "sticky" to prevent one student from overwriting
>> another's file.
>> (chgrp students; chmod 730; chmod g+s)
>>
>>   
>>     
> I believe you mean "chmod +t". :-)         
> --George
>   


Whoops! Indeed I did, thanks!

--dave
>> --dave
>>
>> John Sun wrote:
>>   
>>     
>>> Hi,
>>>
>>> I am working on a Samba server over Redhat Linux. It was successfully joined a Windows Active Directory Domain, and all users authentication were controlled well by a LDAP server.
>>>
>>> However, my problems are:
>>>
>>> (1) After a user connect to the Samba share, the user can open others' share without prompting username and password. By the way the security setting in samba.conf is "ADS"
>>> (2) I can't stop local user accounts, apache, noboby to get on the Samba server.
>>>
>>> Here is part of samba.conf file:
>>>
>>> # Security mode. Most people will want user level security. See
>>> # security_level.txt for details.
>>>         security = ADS
>>> # Use password server option only with security = server
>>> ;   password server = <NT-Server-Name>
>>>
>>> PLEASE HELP!
>>>
>>> Looking forward to your earliest reply.
>>>
>>> John
>>>
>>>   
>>>     
>>>       
>>   
>>     
>
>
>   


-- 
David Collier-Brown            | Always do right. This will gratify
Sun Microsystems, Toronto      | some people and astonish the rest
davecb at sun.com                 |                      -- Mark Twain
cell: (647) 833-9377, bridge: (877) 385-4099 code: 506 9191#

More information about the samba-technical mailing list