[Samba] Question on "read only" behavior in smb.conf

Tom Schaefer tom at umsl.edu
Sat Sep 27 02:59:45 GMT 2003


It should behave as you expect: a read only share is a read only share, period, no matter what the UNIX permissions are.  At least that's been my experience with it and what the man page seems to suggest.  I am very surprised at what you are seeing.

Tom Schaefer
UNIX Administrator
University of Missouri Saint Louis


On Fri, 26 Sep 2003 17:59:13 -0400
"Sullivan, James (NIH/CIT)" <sullivan at mail.nih.gov> wrote:

> Hi All,
> 
> I've built Samba v2.2.8a on a RedHat 7.2 system and it seems to work ok.
> However
> I cannot understand the "read only" parameter in the following situation:
> 
> smb.conf file:
> -------------------
> [global]
>    security=user
>    encrypt passwords=yes
> [foo]
>    path=/tmp/foo
>    read only=yes
>    
> The owner&mode of /tmp/foo is:
> ------------------------------------------
> % ls -ld /tmp/foo
> drwx-r-xr-x  3  joe  joe  1024  Sep  23  13:52  /tmp/foo
> 
> I've set up a smbpasswd file containing users "joe" and "sue", both with
> passwords.
> I can connect to \\mymachine\foo as "joe" or "sue" ok from my Windows 2000
> PC.  
> I connect it to drive K: and can see all the files in /tmp/foo.
> 
> However: 
> -when connected via samba as "joe" I can successfully paste files into
> /tmp/foo. (not expected)
> -when connected via samba as "sue" I cannot paste files into /tmp/foo.
> (expected)
> 
> It appears the UNIX file permissions are overriding the Samba configuration.
> I thought Samba worked the other way around but without allowing more rights
> than the UNIX permissions provide.
> In other words, why does "joe" have write access to a samba service defined
> as "read only" in the samba configuration?
> 
> I also checked the "Properties/Security" of the share from my Windows 2000
> PC and it says:
> Allow	Joe	Full Control
> Allow	Everyone	Read & Execute
> 
> If this is how it is supposed to work then life gets difficult in the
> following circumstance:
> If I have a directory I want to make mountable from Samba as read only,
> I need to be careful and check all directory and file permissions to ensure
> no one connecting
> via Samba will have a UNIX write permission that overrides the Samba setting
> of "read only".
> 
> Is this correct behavior for Samba?  Is there a way to make a service truly
> read only no matter
> who is connected and who owns the files?  I also discovered that if sue's
> group matches the group
> ownership of /tmp/foo, then sue has write access IF /tmp/foo is group
> writeable.
> 
> Thanks in advance.  Samba set up quickly and seems to work great, except for
> this 
> little bit of strangeness.  
> 
> -Jim
> 
> 	----------------------------------------------------
> 	James E. Sullivan   |  Northrop Grumman IT 
> 	Building 12B        |  on site at: NIH/CIT/DCSS/SOSB
> 	Room 2N207          |  Phone:301-451-6372
> 	Bethesda, MD 20892  |  Email:sullivan at mail.nih.gov    
>    -----------------------------------------------------
> 
> 
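
An added example, not part of the thread and not Samba's own code: one way to check which "read only" value a share actually ends up with, since smb.conf also accepts the inverted synonyms "writeable", "writable" and "write ok", and a "write list" gives the listed users write access whatever "read only" says. The [bar] share and the function names are hypothetical; "include", "copy" and line continuations are not handled, and `testparm` remains the authoritative view of the parsed configuration.

```python
import re

# Constructed sample: the [foo] share from the thread, plus a hypothetical
# [bar] share with settings that change what "read only = yes" means.
SAMPLE_CONF = """\
[global]
   security=user
[foo]
   path=/tmp/foo
   read only=yes
[bar]
   path=/tmp/bar
   read only=yes
   Writeable = yes
   write list = joe, @staff
"""
INVERTED = {"writeable", "writable", "writeok"}  # inverted synonyms of "read only"
TRUE = {"yes", "true", "1"}

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def parse(text):  # -> {section: [(param, value), ...]} in file order
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(norm(line[1:-1]), [])
        elif "=" in line and line[0] not in "#;" and current is not None:
            key, value = line.split("=", 1)
            current.append((norm(key), value.strip()))
    return sections

def audit(text):  # -> {share: (effective_read_only, write_list)}
    sections, result = parse(text), {}
    for share, params in sections.items():
        if share == "global":
            continue
        read_only, write_list = True, []  # Samba's default is read only = yes
        # [global] values act as defaults; the last setting seen wins
        for key, value in sections.get("global", []) + params:
            if key == "readonly":
                read_only = value.lower() in TRUE
            elif key in INVERTED:
                read_only = value.lower() not in TRUE
            elif key == "writelist":
                write_list = [u for u in re.split(r"[,\s]+", value) if u]
        result[share] = (read_only, write_list)
    return result
```

A share is read only for every user only when the first element is True and the write list is empty; "@group" entries are reported as written, not expanded.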


