[Samba] Profiles and Service Packs]
mac at nibsc.ac.uk
Wed May 19 15:19:51 GMT 2004
>>> No. storing profiles in separate shares for NT4+ clients is
>>> the recommended method.
>> this is good news, but how do i get it work?? I always get the wrong
>Try changing the profile directory to the following. This is from an IBM
>Samba as a PDC tutorial. It works for my installation.
>chmod 1757 profiles
This looks good to me too.
For the benfit of the archives and any one out there who's not totally
familiar with UNIX directory permissions I'll explain what that does.
In an 'ls' of the profiles directory it'll look like this:-
which means that this directory can be written to by its owner, not
by members of its group, but can be written by anyone else in the world.
Since this is a directory (and not a file) this 'writeable' permission
"anyone can create or delete anything in this directory"
That last bit is important, as it allows new users to create a new profile
directory as needed. But, you may notice, it also means it's possible
for anyone to delete anything in this directory too.
This is where the final 't' comes in. This is the so called 'sticky' bit.
When 't' is turned on (on a directory) it changes the meaning of the
world-writeable permission to this:-
"anyone can create in this directory and anyone may delete things they
own in this directory"
which stops people being able to delete or damage other people's profiles.
It's often a good idea to use the 'sticky' bit on all world writeable
directories unless you've got good reason not too.
Assistant Systems Adminstrator @nibsc.ac.uk
dmccann at nibsc.ac.uk
Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime)
More information about the samba