strange permission problem
MCCALL,DON (HP-USA,ex1)
don_mccall at hp.com
Thu Feb 22 13:29:51 GMT 2001
Zheng,
I think this is a side effect of the force group parameter you have for this
share; what it actually does is effectively change the effective groupid of
whoever is attaching to the share to that group; this has the effect of
1. making sure that any file or directory created on the share owned by that
group (which is what most people use it for)
2. making all the files with group permissions for that group on that share
accessible to whoever has attached to that share (since their egid is now
that group) - this is I THINK what is concerning you.
Hope this helps,
Don
-----Original Message-----
From: Zheng Liu [mailto:liu at TI.FhG.DE]
Sent: Thursday, February 22, 2001 3:35 AM
To: samba at us5.samba.org
Subject: strange permission problem
Hi,
I have suddenly a very strange permission probelm with the shares.
No matter what the read permissions in Linux are, ANY user can read
EVERY file in a share. For example I have a shere:
[spycam]
comment = pictures from spy cam
path = /export/spycam
public = yes
create mask = 0660
directory mask = 0770
read list = @smbadm
force group = smbadm
and the directory /export/spycam has permission mode:
drwxrwx--- 3 root smbadm 4096 Sep 19 10:06 /export/spycam/
And it STILL lets everyone read all the files in this directory. It
doesn't
seem to matter who I log into the domain as, if they are a valid
username under Linux, it lets them into the share, and then lets them
read all the files. The permissions also work fine from within the
Linux environment (no surprise.) So samba is using its root-ness to
allow the files to be delivered to any user. Please let me know what
I can do or try, this is really scary... Hier is global section of my
smb.conf:
[global]
workgroup = MYDOMAIN
guest account = nobody
keep alive = 30
os level = 65
kernel oplocks = false
security = user
socket options = TCP_NODELAY
map to guest = Bad User
More information about the samba
mailing list