[Samba] security

Erik Soderquist esoderquist at mcstamp.com
Mon Oct 13 20:52:32 GMT 2003


Would that I could, but I know nothing of programming. :(
Very little of kernel operations either. :(

That being said, I thank all for their help, and will look into making this work on the Linux box. Bye bye SCO.

-----Original Message-----
From: Alexey Lobanov [mailto:aal at evidence-cpr.com] 
Sent: Monday, October 13, 2003 16:12
To: Erik Soderquist
Cc: samba at lists.samba.org
Subject: RE: [Samba] security


Hi Erik.

On 13 Oct 2003 at 15:46, Erik Soderquist wrote:

Subject:        	RE: [Samba] security
Date sent:      	Mon, 13 Oct 2003 15:46:49 -0400
From:           	"Erik Soderquist" <esoderquist at mcstamp.com>
To:             	<samba at lists.samba.org>

> Reason I ask, I have SCO 5.0.? with Samba installed, and it looks like ACLs are
> not an option for this machine. I'm looking at replacing both the SCO box and
> some win2k servers with Linux (Red Hat 9). The main file server isn't an option
> without the ACLs though. What versions of Samba have the ACL support?

ACL support has been present in Samba for a long time. So, the recommended version for a production
system is the most stable one, 2.2.8a.

I know nothing about ACL support in pre-compiled Red Hat kernels and Samba. ACL 
utilities (setfacl, getfacl) and shared libs (libattr, libacl) are present. 
Replaced e2fsck? Don't know.

As for me, I prefer to compile the few mission-critical pieces of software
(Linux kernel, Samba, mailserver) from source, just to know the _exact_ set of 
active capabilities.

To compile Samba with ACL, you also need to install the "acl-development" package
containing the libacl and libattr headers; it's present in Red Hat. Without it, the
"--with-acl" compile option will give you some control over the Unix 9-bit set of
rights from the Windows side, nothing more.

Illustrations:

~$ ldd /usr/local/samba/bin/smbd
        libacl.so.1 => /lib/libacl.so.1 (0x4001b000)
        libattr.so.1 => /lib/libattr.so.1 (0x40021000)
        libdl.so.2 => /lib/libdl.so.2 (0x4014a000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x4014d000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x40161000)
        libpopt.so.0 => /lib/libpopt.so.0 (0x4018e000)
        libldap.so.2 => /usr/lib/libldap.so.2 (0x40194000)
        liblber.so.2 => /usr/lib/liblber.so.2 (0x401b9000)
        libc.so.6 => /lib/libc.so.6 (0x401c4000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x402e1000)
        libsasl.so.7 => /usr/lib/libsasl.so.7 (0x402f1000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
        libdb2.so.2 => /lib/libdb2.so.2 (0x402fc000)
        libpam.so.0 => /lib/libpam.so.0 (0x4033d000)

(note libacl & libattr)

:~$ mount
.....
/dev/md0 on /home type ext2 (rw,nosuid,nodev,usrquota,acl)

~$ uname -a
Linux woody 2.4.21 #2 Thu Aug 21 17:20:40 MSD 2003 i686 unknown

Alexey

> -----Original Message-----
> From: Alexey Lobanov [mailto:aal at evidence-cpr.com] 
> Sent: Monday, October 13, 2003 15:33
> To: Erik Soderquist
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] security
> 
> 
> Hi Erik.
> 
> On 13 Oct 2003 at 15:23, Erik Soderquist wrote:
> 
> Subject:        	RE: [Samba] security
> Date sent:      	Mon, 13 Oct 2003 15:23:27 -0400
> From:           	"Erik Soderquist" <esoderquist at mcstamp.com>
> To:             	<samba at lists.samba.org>
> 
> > Can these be adjusted from a windows workstation, or must they be adjusted
> > from the *nix machine?
> 
> Surely, WinNT(4,5) "Security" tab works fine. Win9x is assumed to be dead.
> 
> Alexey
> 
> 
> > 
> > -----Original Message-----
> > From: Gémes Géza [mailto:geza at kzsdabas.sulinet.hu]
> > Sent: Monday, October 13, 2003 14:18
> > To: Erik Soderquist
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] security
> > 
> > 
> > WARNING: Unsanitized content follows.
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Erik Soderquist wrote:
> > | In windows, I can set user1 to read only, user2 to full control, user3
> > | to write only, user 4 to modify, user 5 to delete only, user 6 to no
> > | direct access but can change permissions, etc. can I, how can I set this
> > | kind of granular permission with samba on linux?
> > 
> > You should use samba with acl support, on top of an acl enabled
> > filesystem, e.g.:
> 
> 
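
The two checks that the illustrations in this thread perform by eye (smbd linked against libacl and libattr, and the filesystem mounted with the acl option), as an added shell example that is not part of the original thread. The function names are hypothetical and the sample input is trimmed from the output quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Live use (paths taken from the post):
#   ldd /usr/local/samba/bin/smbd | smbd_links_acl && mount | mount_has_acl /home

# smbd_links_acl: read `ldd` output on stdin; succeed only if both libacl
# and libattr are listed and resolved (not "=> not found").
smbd_links_acl() {
    awk '
        $1 ~ /^libacl\.so/  && $2 == "=>" && $3 != "not" { acl = 1 }
        $1 ~ /^libattr\.so/ && $2 == "=>" && $3 != "not" { attr = 1 }
        END { exit !(acl && attr) }
    '
}

# mount_has_acl MOUNTPOINT: read `mount` output on stdin; succeed only if
# MOUNTPOINT is listed and "acl" is one of its comma-separated options.
# Options are compared whole, so "noacl" does not count as "acl".
mount_has_acl() {
    awk -v mp="$1" '
        $2 == "on" && $3 == mp {
            opts = $NF
            gsub(/[()]/, "", opts)
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "acl") found = 1
        }
        END { exit !found }
    '
}

# Constructed sample input, trimmed from the output shown in the post.
SAMPLE_LDD='        libacl.so.1 => /lib/libacl.so.1 (0x4001b000)
        libattr.so.1 => /lib/libattr.so.1 (0x40021000)
        libc.so.6 => /lib/libc.so.6 (0x401c4000)'
SAMPLE_MOUNT='/dev/md0 on /home type ext2 (rw,nosuid,nodev,usrquota,acl)'

# check_sample: run both checks over the sample data and report the result.
check_sample() {
    printf '%s\n' "$SAMPLE_LDD" | smbd_links_acl ||
        { echo "smbd: libacl/libattr not linked"; return 1; }
    printf '%s\n' "$SAMPLE_MOUNT" | mount_has_acl /home ||
        { echo "/home: acl mount option missing"; return 1; }
    echo "ok: smbd links libacl+libattr, /home mounted with acl"
}
check_sample
```

On filesystems where ACLs are a default mount option, `mount` may not list `acl`, so a failed mount check there calls for a look at the filesystem defaults before concluding ACLs are off.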