[Samba] replacing a w2k machine with samba 2.2.7a
alex at incredimail.com
Mon Jan 6 17:14:01 GMT 2003
First, I would like to thank the Samba developers for producing such a good product. Second, I have a few questions/remarks:
I have recently replaced a w2k file server running in a w2k domain (native mode) with samba 2.2.7a on RH 7.3 with the latest kernel, no acl, configured winbind, and ran into the problem described here :
It would be helpful if this info made its way into the winbind.html in the doc directory of the Samba distribution - I wasted an hour tracking it down, and other people may just give up on it before finding the solution.
After configuring everything, my Samba server has been running for 2 weeks already, without any major problems. I have a few minor problems though:
Generally, this server holds a few shares for several different groups in my organization. Each share is writable for members of that group, and readable for the rest. This is accomplished by the following setup (a snippet from my smb.conf regarding the "_creative" share):
workgroup = MyOrg
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /mnt/usersdata/_users/%U
security = domain
encrypt passwords = yes
dos filemode = yes
# security mask = 0000
comment = Creative division
path = /mnt/gendata/_creative
read only = no
create mode = 664
directory mode = 775
force security mode = 664
force group = +MyOrg+Creative
write list = @MyOrg+Creative
All files written to the share are mode 664, and directories are 775.
There is a problem though: when an owner of the file sets the file read only, no one except him can remove the read only attribute, since the file becomes 444. I tried dos filemode - it is not much help. Is there a solution for this? The problem is escalated by people copying many read only files into the share (like pictures from a CD), and other users can't remove the read only attribute.
Trying to solve the problem, I have tried to set "security mask = 0000" - but this was completely not helpful, setting files read only still worked. Another problem was uncovered with this line - for some reason, people working in M$ Word (yacccs) were not able to save their documents while working on the samba share - for some reason during the save operation the file got the 000 permission, and of course nothing else could be done with the file until I fixed the problem by chmod 664 of the file.
NT has the option to grant write control to a share, and full control. I would really like to make these shares only write accessible, and all attribute changes would not be propagated to the files themselves - I don't mind that a person will not be able to set a file read only. All I want is for all my files to have the permission I set in create mode, whatever the user tries to do to it.
I have read the entire smb.conf documentation, and didn't find anything that could help me. Am I missing something? Am I looking at it from the wrong direction?
Right now the only solution I have is a cron job run daily that runs find on all shared directories and changes permissions of all files to the default, and of course, this is not much of a solution...
An additional question I have is as follows: I want to provide a group of my users with a home directory, but not all of them - some users are administrative users only, and they don't need home dirs. I have started with something like this:
comment = Home Directories
path = /mnt/usersdata/_users/%S
browseable = no
writable = yes
valid users = MyOrg+alex MyOrg+alon MyOrg+ariela
create mode = 0644
directory mode = 0755
And these users get their directories fine, but those users who are not in valid users (and I don't want to provide them with home directories) still see a share of a home directory on that server (of course they can't connect to it, since it doesn't exist on the HD). What better way to do this?
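The daily permission-reset job mentioned in the message can be sketched as follows. This is an added example, not part of the original post and not Samba code: the function names are hypothetical, the 664/775 targets are taken from the share's "create mode" and "directory mode" lines, and symbolic links are deliberately skipped so that a job run as root never changes permissions on something outside the share.

```python
import os
import stat

FILE_MODE = 0o664   # target for regular files ("create mode = 664" in the post)
DIR_MODE = 0o775    # target for directories ("directory mode = 775" in the post)


def find_drift(share_root, file_mode=FILE_MODE, dir_mode=DIR_MODE):
    """Yield (path, current_mode, wanted_mode) for entries below share_root
    whose permission bits differ from the share's intended defaults."""
    for dirpath, dirnames, filenames in os.walk(share_root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: inspect the link, not its target
            if stat.S_ISLNK(st.st_mode):
                continue                     # a link may point outside the share
            if stat.S_ISDIR(st.st_mode):
                wanted = dir_mode
            elif stat.S_ISREG(st.st_mode):
                wanted = file_mode
            else:
                continue                     # leave devices, sockets and FIFOs alone
            current = stat.S_IMODE(st.st_mode)
            if current != wanted:
                yield path, current, wanted


def normalize_share(share_root, dry_run=True):
    """Return the list of drifted entries; reset them unless dry_run is set.
    The share root itself is not touched."""
    changes = list(find_drift(share_root))   # collect first, then modify
    if not dry_run:
        for path, _old, wanted in changes:
            os.chmod(path, wanted)
    return changes


if __name__ == "__main__":
    # Path taken from the post's smb.conf; report only, change nothing.
    for path, old, new in normalize_share("/mnt/gendata/_creative"):
        print("%s: %04o -> %04o" % (path, old, new))
```

Keeping the dry-run report as the default also gives a daily record of which files clients turned into 444 or 000 before anything is reset.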