[Samba] replacing a w2k machine with samba 2.2.7a

Alex Kramarov alex at incredimail.com
Mon Jan 6 21:36:01 GMT 2003


Of course, I have thought about this, but it would be unfortunate to lose
the file owner information. I would think that there would be a more adequate
way to handle such a situation.

----- Original Message -----
From: "James Kosin" <jkosin at intcomgrp.com>
To: <samba at lists.samba.org>
Sent: Monday, January 06, 2003 11:01 PM
Subject: RE: [Samba] replacing a w2k machine with samba 2.2.7a


> Alex,
>
> Hi...
> The way I got around this was to create a share and use the "force user" and
> "force group" options on the share.  This makes everyone that can login to
> the share have owner access to all files.  This should solve your problems
> and allow everyone to change RW options on the files.
>
> I used nobody as the owner and group!  Just for security reasons, I don't
> like using root for this.
>
> Thanks,
> James Kosin
>
> Original Message
> ---------------------------
> Message: 3
> From: "Alex Kramarov" <alex at incredimail.com>
> To: <samba at lists.samba.org>
> Date: Mon, 6 Jan 2003 19:10:48 +0200
> Subject: [Samba] replacing a w2k machine with samba 2.2.7a
>
> Hi.
>
> First, I would like to thank the Samba developers for producing such a good
> product. Second, I have a few questions/remarks:
>
> I have recently replaced a w2k file server running in a w2k domain (native
> mode) with samba 2.2.7a on RH 7.3 with the latest kernel, no acl,
> configured winbind, and ran into the problem described here:
>
> http://lists.samba.org/pipermail/samba-technical/2001-October/032017.html
>
>
> It would be helpful if this info made its way into the winbind.html in
> the doc directory of the samba distribution - I wasted an hour tracking
> it down, and other people may just give up on it before finding the
> solution.
>
> After configuring everything, my samba server has been running for 2 weeks
> already, without any major problems. I have a few minor problems though:
>
> Generally, this server holds a few shares for several different groups
> in my organization. Each share is writable for members of that group,
> and readable for the rest. This is accomplished by the following setup
> (a snippet from my smb.conf regarding the "_creative" share):
>
> [global]
>      workgroup = MyOrg
>      winbind separator = +
>      winbind uid = 10000-20000
>      winbind gid = 10000-20000
>      winbind enum users = yes
>      winbind enum groups = yes
>      template homedir = /mnt/usersdata/_users/%U
>      security = domain
>      encrypt passwords = yes
>      dos filemode = yes
> #     security mask = 0000
> [_Creative]
>    comment = Creative division
>    path = /mnt/gendata/_creative
>    read only = no
>    create mode = 664
>    directory mode = 775
>    force security mode = 664
>    force group = +MyOrg+Creative
>    write list = @MyOrg+Creative
>
> All files written to the share are mode 664, and directories are 775.
>
> There is a problem though: when an owner of the file sets the file read
> only, no one except him can remove the read only attribute, since the
> file becomes 444. I tried dos filemode - it is not much help. Is there
> a solution for this? The problem is escalated by people copying many
> read only files into the share (like pictures from a cd), and other
> users can't remove the read only attribute.
>
> Trying to solve the problem, I have tried to set "security mask = 0000" -
> but this was completely not helpful, setting files read only still worked.
> Another problem was uncovered with this line - for some reason, people
> working in m$ work (yacccs) were not able to save their documents while
> working on the samba share - for some reason during the save operation the
> file got the 000 permission, and of course nothing else could be done with
> the file until I fixed the problem by chmod 664 of the file.
>
> NT has the option to grant write control to a share, and full control. I
> would really like to make these shares only write accessible, and all
> attribute changes would not be propagated to the files themselves - I
> don't mind that a person will not be able to set a file read only. All I
> want is for all my files to have the permission I set in create mode,
> whatever the user tries to do to it.
>
> I have read the entire smb.conf documentation, and didn't find anything
> that could help me. Am I missing something? Am I looking at it from the
> wrong direction?
>
> Right now the only solution I have is a cron job run daily that runs
> find on all shared directories and changes permissions of all files to
> the default, and of course, this is not much of a solution...
>
> An additional question I have is as follows: I want to provide a group of
> my users with a home directory, but not all of them - some users are
> administrative users only, and they don't need home dirs. I have started
> with something like this:
>
> [homes]
>    comment = Home Directories
>    path = /mnt/usersdata/_users/%S
>    browseable = no
>    writable = yes
>    valid users = MyOrg+alex MyOrg+alon MyOrg+ariela
>    create mode = 0644
>    directory mode = 0755
>
> And these users get their directories fine, but those users who are not
> in valid users (and I don't want to provide them with home directories)
> still see a share of a home directory on that server (of course they
> can't connect to it, since it doesn't exist on the HD). What is a better
> way to do this?
>
> Thank you.
>
> Alex.
>
> ------------------------------------------
> End of Original Message
>
> ----
> James Kosin <jkosin at intcomgrp.com>
>
> International Communications Group, Inc.
> 200 Enterprise Drive
> Newport News, VA 23603-1300
> -- United States of America --
>
> Voice:   +1 (757) 947-1030 x122
> Fax:      +1 (757) 947-1035
>
> ----
> "Walking on water and developing software to specification
> are easy as long as both are frozen" - Edward V. Berard.
> .
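
Added example (not part of the original thread): a version of the daily cron job described in the quoted message, which resets files and directories under a share to the 664/775 defaults from the posted smb.conf without touching their owners. The function names and the temporary directory standing in for /mnt/gendata/_creative are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Intended to run as root from cron, like
# the daily job in the post. chmod never changes ownership, so each file keeps
# the owner that winbind mapped it to.

# count_mode_drift ROOT [FILE_MODE] [DIR_MODE]
# Prints how many regular files and directories under ROOT differ from the
# expected modes. One dot is emitted per match, so odd file names cannot
# skew the count.
count_mode_drift() {
    n=$(find "$1" -xdev \( \( -type f ! -perm "${2:-664}" \) -o \
                           \( -type d ! -perm "${3:-775}" \) \) \
             -exec printf . \; | wc -c)
    echo "$((n))"
}

# reset_share_modes ROOT [FILE_MODE] [DIR_MODE]
# Re-applies the share defaults only where the mode differs. find does not
# follow symlinks by default, so -type f / -type d never match a link, and
# -xdev keeps the walk on the share's own filesystem.
reset_share_modes() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" -xdev -type d ! -perm "${3:-775}" -exec chmod "${3:-775}" {} +
    find "$1" -xdev -type f ! -perm "${2:-664}" -exec chmod "${2:-664}" {} +
}

# demo: builds a constructed share tree and prints "<drift before> <drift after>".
demo() {
    share=$(mktemp -d) || return 1     # constructed stand-in for the share path
    mkdir "$share/cd_import"
    chmod 775 "$share" "$share/cd_import"
    : > "$share/report.doc";      chmod 664 "$share/report.doc"      # already correct
    : > "$share/cd_import/a.jpg"; chmod 444 "$share/cd_import/a.jpg" # read-only copy from a CD
    : > "$share/saved.doc";       chmod 000 "$share/saved.doc"       # the 000 case from the post
    before=$(count_mode_drift "$share")
    reset_share_modes "$share"
    after=$(count_mode_drift "$share")
    rm -rf "$share"
    echo "$before $after"
}

demo   # prints: 2 0
```

Logging the output of count_mode_drift before each reset shows how often clients are changing modes on the share.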