[Samba] Question about permissions
Christoph Scheeder
christoph.scheeder at scheeder.de
Tue Jul 20 10:23:20 GMT 2004
Hi,
you shouldn't need to force a group in the homes share, and using
"fore group" in another share shouldn't affect the homes share at all.
I guess the effect of locking out your users from their homes in
your first attempt with "force group" resulted from samba missbehaving
with the @ sign in your groupnames.
Christoph
Mario Gamito schrieb:
> Hi Christoph,
>
> Thank you for your answer.
>
> ok, i did that.
> i suppose that now, assignin the user's primary group as their own, they
> also can access their homes, right ?
>
> Warm Regards,
> Mário Gamito
>
> On Tue, 2004-07-20 at 10:43, Christoph Scheeder wrote:
>
>>Hi,
>>your first attempt with using "force group" is correct, but your syntax
>>is not.
>>for "force group" you have to omit the '@' sign. it only takes the name
>>of the group.
>>for example :
>> force group = f
>>
>>at least thats the way it works for me .... ;-)
>>Christoph
>>
>>Mario Gamito schrieb:
>>
>>
>>>Hi,
>>>
>>>First of all, my apologies for the extension of this message, but it is
>>>needeed for you to undertand my problem.
>>>
>>>Straight to the point: i have this domain in my company running in Samba
>>>3.0.2
>>>
>>>My users are: hcoelho, jardim, gamito, yesenia, smatias, fqueiros,
>>>faugusto, vamaro, peixinho, aragao, dina, pinho.
>>>
>>>I have this shares with the users that can access them and the
>>>correponding Linux groups:
>>>
>>>[DAT]: hcoelho, jardim, fqueiros, gamito, faugusto => Linux group A
>>>[DID]: hcoelho, jardim, gamito, faugusto, peixinho, aragao, vamaro =>
>>>Linux group B
>>>[DGM]: hcoelho, jardim, smatias => Linux group C
>>>[SAD]: hcoelho, jardi, yesenia => Linux group D
>>>[NTL]: Everybody => Linux group E
>>>[arquivo]: everybody
>>>[backups]: jardim, gamito, filipe => Linux group G
>>>[biblioteca]: everybody
>>>[desenvolvimento]: jardim, gamito, faugusto
>>>
>>>
>>>user's groups:
>>>coelho : d hcoelho a b c e f g
>>>jardim : d jardim a b c e f g h
>>>gamito : gamito a b e f g h
>>>(etc...)
>>>
>>>Besides these shares, there are the homes also.
>>>
>>>
>>>Problems:
>>>
>>>If hcoelho, for instance, copies a file to share [SAD], yesenia can't
>>>open it (and it should, as above), because it is copied with group A.
>>>
>>>I've already used "force group" in smb.conf, but then, my users can't
>>>access their homes.
>>>
>>>Following my signature is my smb.conf
>>>
>>>Any help would be appreciated.
>>>
>>>Warm Regards,
>>>Mário Gamito
>>>
>>>
>>>smb.conf:
>>>------------------------------
>>>######################################
>>># #
>>># smb.conf : criado por Mário Gamito #
>>># Data: 21/06/04 #
>>># #
>>>######################################
>>>
>>>
>>>[global]
>>>workgroup = NETUAL
>>>netbios name = bateira
>>>server string = Beatrix Kiddo
>>>
>>># scripts para alterar o /etc/passwd quando o utilizador muda a password
>>>no Windows
>>>passwd program = /usr/bin/passwd %u
>>>passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>>>*passwd:*all*authentication*tokens*updated*successfully*
>>>#username map = /etc/samba/smbusers
>>>
>>>unix password sync = Yes
>>>log level = 2
>>>log file = /etc/samba/individual/%m.log
>>>name resolve order = wins lmhosts host
>>>time server = Yes
>>>socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
>>>SO_RCVBUF=8192
>>>load printers = No
>>>#oplocks = No
>>>
>>>add user script = /usr/sbin/useradd -n -g domainusers -G domainguests -d
>>>/dev/null -s /bin/false -M %u
>>>delete user script = /usr/sbin/userdel %u
>>>add group script = /usr/sbin/groupadd -r %g
>>>delete group script = /usr/sbin/groupdel %g
>>>add user to group script = /usr/bin/gpasswd -a %u %g
>>>delete user from group script = /usr/bin/gpasswd -d %u %g
>>>set primary group script = /usr/sbin/usermod -g '%g' '%u'
>>>add machine script = /usr/sbin/adduser -n -g domainmachines -c Machine
>>>-d /dev/null -s /bin/false %u
>>>
>>>smb passwd file = /etc/samba/passwd
>>>
>>>logon script = netualinit.bat
>>>logon path = \\%L\profiles\%U
>>>logon home = \\%L\%U
>>>logon drive = H:
>>>domain logons = Yes
>>>os level = 64
>>>preferred master = Yes
>>>domain master = Yes
>>>dns proxy = No
>>>wins support = Yes
>>>message command = echo obrigado | smbclient -M %f
>>>panic action = echo Isto é uma mensagem automática: O servidor crashou.
>>>Contacte o Mário Gamito | smbclient -M shuttle
>>>host msdfs = Yes
>>>admin users = domainroot
>>>hosts allow = 10.10.1., 10.10.2.
>>>hosts deny = ALL
>>>hide files = /.bash_profile/.bash_logout/.bashrc/.gtkrc/.kde/.zshrc/
>>>
>>>[homes]
>>>comment = Home Directories
>>>read only = No
>>>browseable = No
>>>create mask = 0600
>>>directory mask = 0700
>>>
>>>[Profiles]
>>>comment = Windows profiles para os utilizadores que carregam as suas
>>>preferências a partir do servidor.
>>>path = /etc/samba/profiles
>>>browseable = No
>>>read only = No
>>>create mask = 0600
>>>directory mask = 0700
>>>
>>>[netlogon]
>>>comment = Network Logon Service
>>>path = /etc/samba/netlogon
>>>browseable = No
>>>writeable = No
>>>browseable = No
>>>
>>>[arquivo]
>>>comment = pasta de arquivo
>>>path = /home/arquivo/
>>>writeable = Yes
>>>browseable = Yes
>>>create mask = 660
>>>directory mask = 777
>>>#force group = @f
>>>
>>>[SAD]
>>>comment = pasta da SAD
>>>path = /home/SAD
>>>writeable = Yes
>>>browseable = Yes
>>>create mask = 660
>>>directory mask = 770
>>>#force group = @d
>>>
>>>[DAT]
>>>comment = pasta da DAT
>>>path = /home/DAT
>>>writeable = Yes
>>>browseable = Yes
>>>create mask = 660
>>>directory mask = 770
>>>#force group = @a
>>>
>>>[DID]
>>>comment = pasta da DID
>>>path = /home/DID
>>>writeable = Yes
>>>browseable = Yes
>>>create mask = 660
>>>directory mask = 770
>>>#force group = @b
>>>
>>>[DGM]
>>>comment = pasta da DGM
>>>path = /home/DGM
>>>writeable = Yes
>>>browseable = Yes
>>>create mask = 660
>>>directory mask = 770
>>>#force group = @c
>>>
>>>[SAD]
>>>comment = pasta da SAD
>>>path = /home/SAD
>>>writeable = Yes
>>>browseable = Yes
>>>create mask = 660
>>>directory mask = 770
>>>#force group = @d
>>>
>>>[backups]
>>>comment = pasta de backups
>>>path = /home/backups
>>>writeable = Yes
>>>browseable = Yes
>>>create mask = 666
>>>directory mask = 770
>>>#force group = @g
>>>
>>>[biblioteca]
>>>comment = pasta da biblioteca
>>>path = /home/biblioteca
>>>writeable = Yes
>>>browseable = Yes
>>>create mask = 666
>>>directory mask = 777
>>>#force group = @f
>>>
>>>[desenvolvimento]
>>>comment = pasta do devel team
>>>path = /home/desenvolvimento
>>>writeable = Yes
>>>browseable = Yes
>>>create mask = 660
>>>directory mask = 770
>>>#force group = @h
>>>
>>>[publico]
>>>comment = pasta publica
>>>path = /home/publico
>>>writeable = Yes
>>>browseable = Yes
>>>create mask = 666
>>>directory mask = 777
>>>#force group = @f
>>>
>>>
>>
>
More information about the samba
mailing list