[Samba] Understanding NT Groups and UNIX Permissions with Samba
Shares
Garringer, Mark
MGarringer at APACMail.com
Tue Dec 23 16:44:29 GMT 2003
Hello, I am having some problems understanding a few concepts in Samba while
trying to use samba-common-3.0.0-14.3E, samba-client-3.0.0-14.3E and
samba-3.0.0-14.3E on RHE 3.0.
Basically, I have security = domain. My system is running winbind, I've
added the winbind calls to nsswitch.conf. I can get my wbinfo -u and wbinfo
-g commands to show me what I want. That all seems happy.
I have a test share as follows:
[var]
path = /var
read only = yes
valid users = "APAC+GL Tech Services"
admin users = "APAC+Domain Admins"
and a second share:
[hidden]
path = /var/SECRET
read only = no
valid users = "APAC+Pants"
The permissions on /var/SECRET are as follows:
[root at rhcr0005 var]# ls -ld SECRET/
drwxr-x--- 2 root Pants 4096 Dec 18 17:28 SECRET/
I am, of course, a member of both groups GL Tech Services and Pants. When I
browse to the /var share, I can descend into the SECRET folder. When I
browse to the /hidden share, I get Network access is denied. In the samba
log for my machine, I get errors like:
[2003/12/23 10:40:38, 0] smbd/service.c:set_current_service(56)
chdir (/var/SECRET) failed
[2003/12/23 10:40:38, 0] smbd/service.c:set_current_service(56)
chdir (/var/SECRET) failed
I guess, from the best of my understanding, that when I connect to nmbd it
doesn't know about all my group memberships? If I chmod the /var/SECRET
directory back to 755 however, everything works fine.
I know my way around UNIX level permissions and groups just fine, but I
guess I am missing something here.
Thanks!
Mark Garringer
Manager, Systems Administration
"Whatever it takes."
APAC Customer Services
(319)896-2289
More information about the samba
mailing list