[Samba] Profiles and Service Packs]

Mac mac at nibsc.ac.uk
Wed May 19 15:19:51 GMT 2004


Hi all,


>>> No.  storing profiles in  separate shares for NT4+ clients is
>>> the recommended method.
>>>
>> this is good news, but how do i get it work?? I always get the wrong
>Permission Error!
>>
>> Thanks,
>> Daniel.
>
>Try changing the profile directory to the following.  This is from an IBM
>Samba as a PDC tutorial.  It works for my installation.
>
>chmod 1757 profiles
>


This looks good to me too.

For the benfit of the archives and any one out there who's not totally
familiar with UNIX directory permissions I'll explain what that does.

In an 'ls' of the profiles directory it'll look like this:-

       drwxr-xrwt

which means that this directory can be written to by its owner, not
by members of its group, but can be written by anyone else in the world.

Since this is a directory (and not a file) this 'writeable' permission
actually means

	"anyone can create or delete anything in this directory"

That last bit is important, as it allows new users to create a new profile
directory as needed.  But, you may notice, it also means it's possible
for anyone to delete anything in this directory too.

This is where the final 't' comes in.  This is the so called 'sticky' bit.
When 't' is turned on (on a directory) it changes the meaning of the
world-writeable permission to this:-

"anyone can create in this directory and anyone may delete things they
own in this directory"

which stops people being able to delete or damage other people's profiles.
 It's often a good idea to use the 'sticky' bit on all world writeable
directories unless you've got good reason not too.



                               Mac
          Assistant Systems Adminstrator @nibsc.ac.uk
                        dmccann at nibsc.ac.uk
   Work: +44 1707 641565          Everything else: +44 7956 237670 (anytime)


More information about the samba mailing list