[Samba] Changing ownership of a file or folder from within windows?
ctstre04
ctstre04 at re.nettuno.it
Wed Jul 2 09:42:34 GMT 2003
----- Original Message -----
From: "Tom Pride" <tpride at dpiwe.tas.gov.au>
To: <samba at lists.samba.org>
Sent: Wednesday, July 02, 2003 4:02 AM
Subject: [Samba] Changing ownership of a file or folder from within windows?
> Hi everyone,
>
> I have a Redhat 8 server running samba 2.2.8a and have configured samba
> to use winbind so that I can control access to the file shares using
> user and group accounts that have been set up in our windows NT domain.
> This all works fine on the shares I set up from within the smb.conf
> file. Windows 2000 users can access the shares just by logging into our
> domain. But what I would like to do is control user or group access to a
> file or a folder that has been created underneath one of the initial
> samba shares. For example: if I have a samba share called "temp" and I
> then access this share from a windows 2000 PC and create a new folder
> inside "temp" called "myfolder" can I then go to the properties of this
> new folder, click on the security tab and then add or remove users or
> groups from the NT domain that can have access to "myfolder". At the
> moment if I try to do this I can add users or groups from our domain and
> specify what access each should have ie: read only or full control, but
> when I click on the "OK" button to apply these changes I get an error
> saying "Unable to save permission changes on myfolder. Access is denied".
> Is this type of permission change possible and if so what am I doing
> wrong?
>
> Just as an aside, I have set samba up as a windows print server in the
> past using winbind and our NT domain accounts/groups for authentication
> and have been able to control access to the shared printers through the
> security tab no problems.
>
> Cheers
> Tom
>
>
>
> Below is a copy of my smb.conf file:
>
> # This is the main Samba configuration file. You should read the
> # smb.conf(5) manual page in order to understand the options listed
> # here. Samba has a huge number of configurable options (perhaps too
> # many!) most of which are not shown in this example
> #
> # Any line which starts with a ; (semi-colon) or a # (hash)
> # is a comment and is ignored. In this example we will use a #
> # for commentary and a ; for parts of the config file that you
> # may wish to enable
> #
> # NOTE: Whenever you modify this file you should run the command "testparm"
> # to check that you have not made any basic syntactic errors.
> #
> #======================= Global Settings =====================================
> [global]
>
> ##
> ## Basic Server Settings
> ##
>
> # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
> workgroup = DPIWE
>
> # server string is the equivalent of the NT Description field
> server string = sybil
>
> # This option is important for security. It allows you to restrict
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page
> ; hosts allow = 192.168.1. 192.168.2.0./24 192.168.3.0/255.255.255.0 127.0.0.1
>
> # Uncomment this if you want a guest account, you must add this to /etc/passwd
> # otherwise the user "nobody" is used
> ; guest account = pcguest
>
> # this tells Samba to use a separate log file for each machine
> # that connects
> #log file = /usr/local/samba/var/log.%m
>
> # How much information do you want to see in the logs?
> # default is only to log critical messages
> log level = 2
>
> # Put a capping on the size of the log files (in Kb).
> max log size = 50
>
> # Security mode. Most people will want user level security. See
> # security_level.txt for details.
> security = domain
>
> # Using the following line enables you to customise your configuration
> # on a per machine basis. The %m gets replaced with the netbios name
> # of the machine that is connecting.
> # Note: Consider carefully the location in the configuration file of
> # this line. The included file is read at that point.
> ; include = /usr/local/samba/lib/smb.conf.%m
>
> # Most people will find that this option gives better performance.
> # See speed.txt and the manual pages for details
> # You may want to add the following on a Linux system:
> # SO_RCVBUF=8192 SO_SNDBUF=8192
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> # Configure Samba to use multiple interfaces
> # If you have multiple network interfaces and want to limit which ones smbd will
> # use, list the ones desired here. Otherwise smbd & nmbd will bind to all
> # active interfaces on the system. See the man page for details.
> ; interfaces = 192.168.12.2/24 192.168.13.2/24
>
> # Should smbd report that it has MS-DFS Capabilities? Only available
> # if --with-msdfs was passed to ./configure
> ; host msdfs = yes
>
> ##
> ## Network Browsing
> ##
> # set local master to no if you don't want Samba to become a master
> # browser on your network. Otherwise the normal election rules apply
> local master = no
>
> # OS Level determines the precedence of this server in master browser
> # elections. The default value (20) should be reasonable
> ; os level = 20
>
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
> ; domain master = yes
>
> # Preferred Master causes Samba to force a local browser election on startup
> # and gives it a slightly higher chance of winning the election
> ; preferred master = yes
>
>
> ##
> ## WINS & Name Resolution
> ##
> # Windows Internet Name Serving Support Section:
> # WINS Support - Tells the NMBD component of Samba to enable its WINS Server
> ; wins support = yes
>
> # WINS Server - Tells the NMBD components of Samba to be a WINS Client
> # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
> wins server = 147.109.11.238
>
> # WINS Proxy - Tells Samba to answer name resolution queries on
> # behalf of a non WINS capable client, for this to work there must be
> # at least one WINS Server on the network. The default is NO.
> ; wins proxy = yes
>
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> # via DNS nslookups.
> dns proxy = no
>
>
> ##
> ## Passwords & Authentication
> ##
> # Use password server option only with security = server
> # The argument list may include:
> # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> # or to auto-locate the domain controller/s
> password server = *
> ; password server = <NT-Server-Name>
>
> # You may wish to use password encryption. Please read
> # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
> # Do not enable this option unless you have read those documents
> encrypt passwords = yes
>
> # Should smbd obey the session and account lines in /etc/pam.d/samba ?
> # only available if --with-pam was used at compile time
> ; obey pam restrictions = yes
>
> # When using encrypted passwords, Samba can synchronize the local
> # UNIX password as well. You will also need the "passwd chat" parameters
> ; unix password sync = yes
>
> # how should smbd talk to the local system when changing a UNIX
> # password? See smb.conf(5) for details
> ; passwd chat = <custom chat string>
>
> # This is only available if you compiled Samba to include --with-pam
> # Use PAM for changing the password
> ; pam password change = yes
>
> ##
> ## Domain Control
> ##
> # Enable this if you want Samba to act as a domain controller.
> # make sure you have read the Samba-PDC-HOWTO included in the documentation
> # before enabling this parameter
> ; domain logons = yes
>
> # if you enable domain logons then you may want a per-machine or
> # per user logon script
> # run a specific logon batch file per workstation (machine)
> ; logon script = %m.bat
> # run a specific logon batch file per username
> ; logon script = %U.bat
>
> # Where to store roving profiles (only for Win95 and WinNT)
> # %L substitutes for this server's netbios name, %U is username
> # You must uncomment the [Profiles] share below
> ; logon path = \\%L\Profiles\%U
>
> # UNC path specifying the network location of the user's home directory
> # only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients
> ; logon home = \\%L\%U
>
> # What drive should the "logon home" be mounted at upon login ?
> # only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients
> ; logon drive = H:
>
> ##
> ## Printing
> ##
>
> # If you want to automatically load your printer list rather
> # than setting them up individually then you'll need this
> ; load printers = yes
>
> # you may wish to override the location of the printcap file
> ; printcap name = /etc/printcap
>
> # on SystemV system setting printcap name to lpstat should allow
> # you to automatically obtain a printer list from the SystemV spool
> # system
> ; printcap name = lpstat
>
> # It should not be necessary to specify the print system type unless
> # it is non-standard. Currently supported print systems include:
> # bsd, sysv, plp, lprng, aix, hpux, qnx
> ; printing = bsd
>
> # Enable this to make Samba 2.2 behavior just like Samba 2.0
> # not recommended unless you are sure of what you are doing
> ; disable spoolss = yes
>
> # list of users and groups which should be able to remotely manage
> # printer drivers installed on the server
> ; printer admin = root, +ntadmin
>
>
> ##
> ## Winbind
> ##
>
> # specify the uid range which can be used by winbindd
> # to allocate uids for Windows users as necessary
> winbind uid = 10000-20000
>
> # specify the gid range which can be used by winbindd
> # to allocate gids for Windows groups as necessary
> winbind gid = 10000-20000
>
> # Define a home directory to be given to passwd(5) style entries
> # generated by libnss_winbind.so. You can use variables here
> ; winbind template homedir = /home/%D/%U
>
> # Specify a shell for all winbind user entries returned by the
> # libnss_winbind.so library.
> ; winbind template shell = /bin/sh
>
> # What character should be used to separate the DOMAIN and Username
> # for a Windows user. The default is DOMAIN\user, but many people
> # prefer DOMAIN+user
> winbind separator = +
>
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
>
> # Winbind cache time sets the amount of time in seconds before it
> # the Primary Domain Controller again.
> winbind cache time = 600
> #winbind cache time = 15
>
> # Veto the Apple specific files that a NetAtalk server
> # creates.
> veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/.AppleDB/
> delete veto files = yes
>
> dos filetimes = yes
>
> map archive = yes
>
>
> #============================ Share Definitions ==============================
>
> #[cit]
> # comment = Test Directory
> # path = /tmp
> # public = no
> # browseable = yes
> # writable = yes
> # valid users = @dpiwe+cit
>
> [Graphic Serv]
> comment = Graphic Services
> path = /data/sybil/Graphic_Services
> public = no
> writeable = yes
> browseable = yes
> valid users = @dpiwe+gsu, @dpiwe+gsu_mgmt, @dpiwe+cit
> create mask = 0777
> directory mask = 0777
> force create mode = 0777
> force directory mode = 0777
>
> [Photogram]
> comment = Photogrammetry
> path = /data/sybil/Photogrammetry
> public = no
> browseable = yes
> read list = @dpiwe+tis, dpiwe+daustin, dpiwe+mnoonan, dpiwe+mgay, dpiwe+ssellers
> write list = @dpiwe+gpr, @dpiwe+gpr_mgmt
> create mask = 0777
> directory mask = 0777
> force create mode = 0777
> force directory mode = 0777
>
> [Reprographic]
> comment = Reprographics
> path = /data/sybil/Reprographics
> writeable = yes
> public = no
> browseable = yes
> valid users = @dpiwe+gpr, @dpiwe+gpr_mgmt, @dpiwe+cit, dpiwe+gharrington
> create mask = 0777
> directory mask = 0777
> force create mode = 0777
> force directory mode = 0777
>
>
Hi all,
maybe you have to use a POSIX ACL filesystem and compile Samba with ACL
support to do this.
This link may help you:
http://homex.subnet.at/~max/
Andrea Baldi - ZEN Sistemi srl - Italy