Samba security setting question
David Collier-Brown
davecb at sun.com
Wed Jan 7 16:13:40 GMT 2009
George Liu wrote:
> David Collier-Brown wrote:
>
>> That's normal Unix behavior: I can change directory to anyone's directory,
>> and, if and only if they permit me to, read and write their files.
>>
>> The default is to let anyone read but no-one write (chmod 755
>> directory), while
>> people assigned to work in groups may choose to let fellow group members
>> both read and write (chmod 775).
>>
>> For schools, I usually put students in one group, teachers in another and
>> change the default to allow people in the same group to read, but prohibit
>> people not in the group (called "other" users) from either reading or
>> writing.
>> (chmod 750)
>>
>> Directories for handing in student work should be writable by students,
>> but not
>> readable by them, and "sticky" to prevent one student from overwriting
>> another's file.
>> (chgrp students; chmod 730; chmod g+s)
>>
>>
>>
> I believe you mean "chmod +t". :-)
> --George
>
Whoops! Indeed I did, thanks!
--dave
>> --dave
>>
>> John Sun wrote:
>>
>>
>>> Hi,
>>>
>>> I am working on a Samba server over Redhat Linux. It was successfully joined a Windows Active Directory Domain, and all users authentication were controlled well by a LDAP server.
>>>
>>> However, my problems are:
>>>
>>> (1) After a user connect to the Samba share, the user can open others' share without prompting username and password. By the way the security setting in samba.conf is "ADS"
>>> (2) I can't stop local user accounts, apache, noboby to get on the Samba server.
>>>
>>> Here is part of samba.conf file:
>>>
>>> # Security mode. Most people will want user level security. See
>>> # security_level.txt for details.
>>> security = ADS
>>> # Use password server option only with security = server
>>> ; password server = <NT-Server-Name>
>>>
>>> PLEASE HELP!
>>>
>>> Looking forward to your earliest reply.
>>>
>>> John
>>>
>>>
>>>
>>>
>>
>>
>
>
>
--
David Collier-Brown | Always do right. This will gratify
Sun Microsystems, Toronto | some people and astonish the rest
davecb at sun.com | -- Mark Twain
cell: (647) 833-9377, bridge: (877) 385-4099 code: 506 9191#
More information about the samba-technical
mailing list