Réf. : Re: [Samba] SAMBA Groups and Permissions
stephane.purnelle at corman.be
stephane.purnelle at corman.be
Thu Dec 4 10:47:25 GMT 2003
I confirm that Malte Müller says.
If you want to set multiple group acces, you must use ACL.
the valid user parameter in smb.conf force the right of directory but the
unix right is only for group user.
-----------------------------------
Stéphane PURNELLE stephane.purnelle at corman.be
Service Informatique Corman S.A. Tel : 00 32 087/342467
mamue at lb-bbs1.emd.ni.schule.de
Envoyé par : Pour : "Michael Gasch" <gasch at eva.mpg.de>
samba-bounces+stephane.purnelle=corman.be at lists cc : samba at lists.samba.org
.samba.org Objet : Re: [Samba] SAMBA Groups and Permissions
04/12/2003 11:41
I am not shure if i got you right. You do not tell us the access rights of
the directory concerned.
If you'r primary uninx group is user and your dir. has:
drwx---rwx root user board
they forbid your access. then you are not allowed to access, because group
rights match first and If you weren't user but world, then you would be
allowed. This has nothing to do with samba.
You might want to change the group to nogroup and work with acls (if ext3,
XFS and alike). Or if you have plenty of CPU-cycles to waste you might
work with "valid users" in smb.conf.
But i'm not a security or filesystem-expert and may be completely wrong.
Kind regards,
Malte Müller
> hi
>
> i have a user
>
> ~# id test_user
> uid=500,gid=500 (users),groups (users,kids)
>
> as you can see, this user is in primary group "users" and also member of
> group "kids"
>
> if he tries to access /home/board via smb (Samba 3.0 + openldap) from a
> windows client (XP), he fails, because his
>
> sambaPrimaryGroupSID maps to -> "users"
>
> and /home/board is not accessible for group "users" - just for "kids"
> if i add
>
> valid users = @kids
>
> to /home/board - share, access is granted
>
> isn't it possible in samba, that the user "test_user" gets an attribute
> like
>
> sambaSecondaryGroup in ldap ????
>
> so that samba knows: "this user is in group users AND kids, so i have to
> try connections to share /home/board as group users AND kids" ???
>
> if i login locally to the samba PDC with a console as "test_user",
> access to /home/board is granted, 'cause i'm member of "kids"
>
> so there's no permission problem
>
> please help me !!!
>
> greez
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list