[Samba] Group permissions not working on 3.0.8
Rodrigo Severo
rodrigo at fabricadeideias.com
Fri Dec 10 14:59:57 GMT 2004
Hi,
I believe group permissions are not working well on Samba 3.0.8.
I have two different problems that seems to be group permission related:
1. I have the following file:
-r--rw---- 1 apache_user developers_group 13285 Dec 9 12:53 index.html
I am a member of developers_group (not my primary group) and I can't
edit this file. If I give apache_user (the file's owner) the write right
then I can edit the file. Why?
This only happens when I access the file through Samba, on the machine
itself these rights work as I expect, i.e., no need of write right to
the owner.
2. I have the following directory:
dr-xrws--- 1 apache_user developers_group 0 Mar 18 2004 userimages/
Again I, as a member of developres_group, should be able to create a new
file. But I can't: permission denied. Again I ask why?
I saw some messages about group permission related problems down in
Samba 3.0.2. Could these issues be related to this same problem?
BTW I using ldap based authentication.
Please help.
I'm including my smb.conf file below for your reference.
TIA,
Rodrigo Severo
/etc/samba/smb.conf:
[global]
workgroup = FABRICA
netbios name = SCOTT
encrypt passwords = Yes
server string = Samba %v - Scott
security = user
interfaces = 192.168.109.7 127.0.0.1
load printers = no
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=8192 SO_SNDBUF=8192
log file = /var/log/samba/%m
bind interfaces only = Yes
local master = no
domain master = no
domain logons = Yes
wins server = 192.168.109.1
dns proxy = no
create mask = 0764
force create mode = 0660
map archive = no
unix extensions = yes
wide links = no
dos charset = CP850
unix charset = ISO8859-1
username map = /etc/samba/smbusuarios
name resolve order = wins bcast hosts
unix password sync = Yes
passwd program = /usr/share/samba/scripts/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
new password*" %n\n"
ldap passwd sync = yes
passdb backend = ldapsam:ldaps://auth.fabricadeideias.com:636
ldap admin dn = cn=samba,ou=DSA,dc=fabricadeideias,dc=com
ldap suffix = dc=fabricadeideias,dc=com
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap ssl = on
add machine script = /usr/share/samba/scripts/smbldap-useradd -w "%u"
add user script = /usr/share/samba/scripts/smbldap-useradd -a -m "%u"
ldap delete dn = Yes
delete user script = /usr/share/samba/scripts/smbldap-userdel "%u"
add group script = /usr/share/samba/scripts/smbldap-groupadd -p "%g"
delete group script = /usr/share/samba/scripts/smbldap-groupdel "%g"
add user to group script =
/usr/share/samba/scripts/smbldap-groupmod -m "%u" "%g"
delete user from group script =
/usr/share/samba/scripts/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/share/samba/scripts/smbldap-usermod
-g "%g" "%u"
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldaps://auth.fabricadeideias.com:636
idmap uid = 10000-20000
idmap gid = 10000-20000
#============================ Share Definitions
==============================
[webdev]
path = /dados01
force user = apache_user
force group = +developers_group
writeable = Yes
force directory mode = 070
write list = @developers_group
-----------------------------------------------
Rodrigo Severo
Fábrica de Idéias
SBS -Ed. Empire Center Sala 1301 - Cobertura
Fone: (61) 321 1357
Fax: (61) 223 1712
Brasília/DF
-----------------------------------------------------------------------
For Sys Admins paranoia isn't a mental health problem,
its a marketable job skill.
-------------------------
More information about the samba
mailing list