[Samba] Re: samba sam problem [version 2.2.3a on RH 8]

[Dan Bar]

Erlend Sannerud wrote:

> Hi folks
>  
> I'm new to this list, fresh into linux and samba. Simply love it :-)
>  
> I have a customer that have about 10 XP pro machines connected to a
> linux samba server. Since there are a quite few documents that only two
> of the users are going to see, I use groups and different shares.
>  
> This setup have been working for a while. Today everyone got access to
> everything - not good. Actualy very very very bad. I have tried to
> reboot the smbd service, reboot the whole server and I even tried to
> delete users and groups, and make new ones. No go.
>  

1. it's time to go for upgrade - I suggest 2.2.8a if you do not want to 
go to 3.0.

2. when configuring access permissions, its better if you do it not just 
rely on smb.conf parameters (as valid users, read list ...), but on 
filesystem level perms too. Filesystem level perms might be a second 
level block - in case Samba (e.g. because of bug or misconfig) fails.

See - when user wants to access a certain share, Samba daemon (running 
uner root privileges) forks a process running with priviliges of that 
user. (only in case you do not use "force user/group" parameter for 
share). If you set filesystem perms properly, he cannot simly go to 
wrong dirs/files.

Dan


P.S. in case rwx access rights params are limiting to you, then go for 
ACL -> I suggest XFS filesystem (patch and recompile kernel)+ recompile 
Samba with "--with-acl-support" switch.