[Samba] Confused with profile filesystem permissions
Andreas
andreas at conectiva.com.br
Tue Nov 9 12:07:20 GMT 2004
On Mon, Nov 08, 2004 at 07:38:28PM -0700, John H Terpstra wrote:
> My top level: /var/lib/samba/profiles is owned by root, group = root.
> Permissions are: 0770
If I leave my /var/lib/samba/profiles like that, I get this error upon
logon:
[2004/11/09 10:02:06, 1] smbd/service.c:make_connection_snum(648)
einstein (10.0.4.142) connect to service profiles initially as user buffy (uid=19422, gid=100) (pid 12965)
[2004/11/09 10:02:06, 0] smbd/service.c:set_current_service(51)
chdir (/var/lib/samba/profiles) failed
I assume this happens because the connection is being made as user "buffy" who
cannot enter /var/lib/samba/profiles if it is root:root 0770
> My profile directory as user jht:
> drwxr-xr-x 16 jht Domain Users 552 2004-07-19 14:08 jht/
>
> The Windows and unix group "Domain Users" is mapped as follows:
>
> frodo:~ # net groupmap list
> Domain Admins (S-1-5-21-726309263-4128913605-1168186429-512) -> Domain Admins
> Domain Users (S-1-5-21-726309263-4128913605-1168186429-513) -> Domain Users
You called the local group "Domain Users" just for convenience, I assume. I have
this mapping on the samba PDC:
# net groupmap list | grep users
Domain Users (S-1-5-21-1283145168-670325121-1332409668-1201) -> users
And:
# id buffy
uid=19422(buffy) gid=100(users) grupos=100(users)
That's ok, right?
> > I'm getting permission denied errors from winxp pro sp2 and samba
> > 3.0.8pre2. Does it have something to do with "profile acls"?
>
> My profile share definition is:
>
> [profiles]
> comment = Profile Share
> path = /var/lib/samba/profiles
> read only = No
> profile acls = Yes
I have now:
[profiles]
path = /var/lib/samba/profiles
writable = yes
create mask = 0600
directory mask = 0700
profile acls = yes
I'll keep on testing, thanks for your help.
More information about the samba
mailing list