[Samba] Security issue

Bart bartro at go.ro
Thu Oct 24 10:07:00 GMT 2002


Continuing on my previous inquiry,

	Windows 2000 has the possibility to set numerous permissions on
a number of users, but in the linux ext2 file system I only have the
possibility to set rwx permissions for owner, group and everybody else.
	When I have a win2000 roaming profile (stored on ext2fs with
samba) and I log on to a different computer, the 'extra' permissions of
the NTFS seem to be lost. I have many troubles ppl complaining how file
sharing works one day, but the next day not anymore.
	I really would like to keep the roaming profiles, so any
suggestions are welcome to overcome this problem.

  Bart.

-----Original Message-----
From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]
On Behalf Of Jay Ts
Sent: 23 octombrie 2002 15:42
To: Bart
Cc: samba at lists.samba.org
Subject: Re: [Samba] Security issue

Bart wrote:
> 	My question is probable more a windows 2000 issue, but since my
> experience is that linux-related mailinglists result in more usable
> information, I give his a try.

That's correct, and maybe you should get a copy of Microsoft's Windows
2000 Resource Kit rather than asking Windows-related questions here.
(Since you are using Windows 2000 as a workstation, the Professional
version of the RK should do it, and you probably don't need the
Server RK.)

> 	Does anybodyy know how the access control in shared win2000
> folders works? I assumed that if you put it on the network with a
share,
> and you would give access rights to the share, this would be
sufficient.

No. The way to do it is to configure access rights using ACLs, and then
share the folder allowing full control.  Or at least, that's the way
Microsoft recommends.

Another method would be to set the ACLs to allow full control, then
set the share permissions, but this is not as fine-grained. (The share
permissions apply to all files and directories in the share, whereas
ACLs can be set individually.)

In either case, be aware that there are two levels of checking: one
at the filesystem level, and another at the sharing level.  Samba also
works like that, since you can set permissions on individual files,
and also set parameters such as 'read only' and 'valid users' in
share definitions in the smb.conf file.

Jay Ts
author, Using Samba, 2nd edition
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba




More information about the samba mailing list