[Samba] samba pdc permissions problem
Tiago de Oliveira Quadra
tquadra at landesigners.com.br
Mon Apr 14 19:19:49 GMT 2003
Hello Everybody,
I have samba 2.2.8a installed on a RedHat 7.3 Gnu/Linux.
I'm trying to setup a Samba as a PDC Server for Win2K/XP/98 workstations.
The basic stuff did very well, everybody can join and access the domain.
But now I want the shares by departments and give only access to the correct users.
I tried to setup a group policy between my users and shares doing the following:
I created 2 basic groups, smbusers and smbcomputers, GID 101 and 102 respectively and I created 6 specific groups: compras, contabil, diretoria, dp, engenharia and financeiro.
I also created the following directory structure:
/home/Netlogon set to root:smbusers and 0755.
/home/Profiles set to root:smbusers and 0050.
/home/Users set to root:smbusers and 0050.
/home/Depts set to root:smbusers and 0050.
In /home/Depts I have the following:
/home/Depts/Compras set to root:compras 0070
/home/Depts/Contabil set to root:contabil 0070
/home/Depts/Diretoria set to root:diretoria 0070
/home/Depts/DP set to root:dp 0070
/home/Depts/Engenharia set to root:engenharia 0070
/home/Depts/Financeiro set to root:financeiro 0070
All Samba users' primary group is one of the specific groups (from compras to financeiro) and the secondary is set to smbusers.
E.g.:
in /etc/passwd -> lcohen:x:1015:155::/home/Users/lcohen/:/bin/false
in /etc/group -> smbusers:x:101:lcohen and engenharia:x:155:
My SMB.CONF
# Global parameters
[global]
workgroup = SMBDOM
netbios name = SRV01
server string = Servidor Linux
interfaces = eth0
bind interfaces only = Yes
encrypt passwords = Yes
update encrypted = Yes
pam password change = Yes
unix password sync = Yes
time server = Yes
keepalive = 10000
max open files = 20000
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
domain admin group = @root root
domain guest group = @nobody
add user script = /usr/sbin/useradd -d /dev/null -g 101 -s /bin/false -M %u
logon script = logon.bat
logon path = \\%L\Profiles\%u
logon drive = H:
logon home = \\%L\Users\%u
domain logons = Yes
os level = 64
lm announce = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
remote announce = 192.168.0.255
admin users = root
[Homes]
comment = User Home Directory
read only = No
hide files = .*
[Profiles]
path = /home/Profiles
read only = No
hide files = .*
[NetLogon]
path = /home/Netlogon
read only = No
browseable = No
[Departamentos]
path = /home/Departamentos
read only = No
inherit permissions = yes
The first time I set up the Samba everything worked fine. But all new files created by the users were unwritable for everybody. E.g. if the user 'lcohen' creates a file on /home/Depts/Engenharia, the file becomes read-only right after it is created, even for the user lcohen.
I tried to change the smb.conf by removing the 'inherit permissions' and putting some 'create mask' and/or 'force create mask'. The first time I thought it worked, but other users started complaining about not being able to access the files. When I looked, all the files were read-only. I tried to change back the configuration (after lots of tests), but it didn't work.
Now the users only have access if I set up everything with mask 0777 (files and directories).
Please advise,
and sorry for my English, I hope it is not that bad.
Tiago Quadra
-------------- next part --------------
# Global parameters
[global]
workgroup = SMBDOM
netbios name = SRV01
server string = Servidor Linux
interfaces = eth0
bind interfaces only = Yes
encrypt passwords = Yes
update encrypted = Yes
pam password change = Yes
unix password sync = Yes
time server = Yes
keepalive = 10000
max open files = 20000
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
domain admin group = @root root
domain guest group = @nobody
add user script = /usr/sbin/useradd -d /dev/null -g 101 -s /bin/false -M %u
logon script = logon.bat
logon path = \\%L\Profiles\%u
logon drive = H:
logon home = \\%L\Users\%u
domain logons = Yes
os level = 64
lm announce = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
remote announce = 192.168.0.255
admin users = root
[Homes]
comment = User Home Directory
read only = No
hide files = .*
[Profiles]
path = /home/Profiles
read only = No
hide files = .*
[NetLogon]
path = /home/Netlogon
read only = No
browseable = No
[Departamentos]
path = /home/Departamentos
read only = No
inherit permissions = yes
[Sistemas]
path = /home/Sistemas
read only = No
inherit permissions = Yes
[Nasajon]
path = /home/Nasajon
read only = No
force user = root
inherit permissions = Yes
/home
d---r-x--- 8 root smbusers 4096 Apr 2 17:10 Departamentos
drwxr-xr-x 2 root smbusers 4096 Apr 11 20:31 Netlogon
d---r-x--- 22 root smbusers 4096 Apr 11 19:09 Profiles
d---r-x--- 22 root smbusers 4096 Apr 11 19:00 Users
/home/Users
drwx------ 2 lcohen smbusers 4096 Apr 9 09:41 lcohen
/home/Profiles
drwx------ 15 lcohen smbusers 4096 Apr 8 17:47 lcohen
/home/Depts
d---rwx--- 2 root compras 4096 Apr 8 14:38 Compras
d---rwx--- 2 root contabil 4096 Apr 11 11:46 Contabil
d---rwx--- 2 root diretori 4096 Mar 28 17:49 Diretoria
d---rwx--- 2 root dp 4096 Mar 28 17:49 DP
d---rwx--- 2 root engenhar 4096 Mar 28 17:50 Engenharia
d---rwx--- 4 root financei 4096 Apr 14 16:12 Financeiro
/etc/passwd
lcohen:x:1015:155::/home/Users/lcohen/:/bin/false
/etc/group
smbusers:x:101:lcohen
engenharia:x:155:
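
The layout described in this message, worked through as an added example (not part of the original post and not Samba code): it models the smb.conf(5) rule that with 'inherit permissions' a new file takes its read/write bits from the parent directory, then applies the POSIX rule that only one permission class (owner, else group, else other) is consulted. The uid/gid values for lcohen come from the post; the "colleague" and "outsider" accounts, gid 150 and the 2770 alternative directory mode are assumptions made for comparison.

```python
# Added example: models POSIX permission-class selection and the documented
# "inherit permissions" rule. Function and class names are illustrative.
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    uid: int
    gids: frozenset  # primary + supplementary group ids

@dataclass(frozen=True)
class Node:
    owner_uid: int
    gid: int
    mode: int  # permission bits, e.g. 0o070

def inherited_file_mode(parent_mode: int) -> int:
    """smb.conf(5): new files inherit their read/write bits from the parent."""
    return parent_mode & 0o666

def create_file(user: User, primary_gid: int, parent: Node) -> Node:
    """New file is owned by its creator; group follows the directory if setgid."""
    gid = parent.gid if parent.mode & 0o2000 else primary_gid
    return Node(user.uid, gid, inherited_file_mode(parent.mode))

def effective_bits(user: User, node: Node) -> int:
    """POSIX consults exactly one class: owner first, then group, then other."""
    if user.uid == 0:
        return 0o6  # root bypasses read/write checks
    if user.uid == node.owner_uid:
        return (node.mode >> 6) & 0o7
    if node.gid in user.gids:
        return (node.mode >> 3) & 0o7
    return node.mode & 0o7

def can_write(user: User, node: Node) -> bool:
    return bool(effective_bits(user, node) & 0o2)

# Constructed accounts: lcohen is from the post, the other two are hypothetical.
LCOHEN = User("lcohen", 1015, frozenset({155, 101}))
COLLEAGUE = User("colleague", 1016, frozenset({155, 101}))
OUTSIDER = User("outsider", 1017, frozenset({150, 101}))

POSTED_DIR = Node(0, 155, 0o0070)  # /home/Depts/Engenharia as posted
ALT_DIR = Node(0, 155, 0o2770)     # assumed alternative: owner bits + setgid

posted_file = create_file(LCOHEN, 155, POSTED_DIR)  # mode 0060, owner lcohen
alt_file = create_file(LCOHEN, 155, ALT_DIR)        # mode 0660, owner lcohen
```

With the posted 0070 directory the new file comes out as 0060 owned by lcohen, so the owner class (no bits) is what applies to lcohen, while other members of engenharia are evaluated against the group bits.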