[Samba] Samba + ADS File Security Problem

Markus Klimke klimke at tu-harburg.de
Thu Nov 10 09:11:03 GMT 2005


Just take a look into the man page of smb.conf and search for 'force'. I 
suppose what you are seeking is 'force user = auser'.

updatemyself . wrote:
> Hi All,
>  I have a setup with Samba share + ADS.
> All my Windows XP machines log in to the ADS server, as does my Samba share machine.
>  Everything is working fine, except some security permissions.
> Users can access all shares without a username and password
> once they log in to the Windows 2003 ADS.
>  In almost all shares I allow read/write permission group-wise.
>  All I need is: whoever creates a file or folder
> must not be the owner; only the administrator must be.
> Only then can we restrict the deletion of valuable data.
> Most of my shares are more than 1000GB.
>  If I change the ownership from Linux with some scripts & crontab,
> it creates a big access problem from Windows XP systems
> and I have to set up all the security permissions again from Windows.
>  Is there any way to create files and folders only with the ownership of
> administrator and with sticky-bit permission?
>  Here is my correct samba share configuration...
>  #=========================== Global Settings ================================
> [global]
>   workgroup = MYDOMAIN
> server string = Samba Server
> log file = /var/log/samba/%m.log
> max log size = 50
> security = ads
> encrypt passwords = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = no
> 
> #=========================== Share Definitions ==============================
> #ldap idmap suffix = ou=emplist,dc=dqe,dc=com
> password server = 172.16.20.200
> realm = MYDOMAIN.COM
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
> template shell = /bin/bash
> template homedir = /home/%D/%U
> allow trusted domains = no
> idmap backend = idmap_rid:DQE=16777216-33554431
> winbind use default domain = yes
> 
> [vol08]
> path = /vol08_700
> writable = yes
> public = yes
> nt acl support = yes
> create mask = 0755
> security mask = 0755
> inherit permissions = yes
> inherit acls = yes
> force security mode = 0
> directory security mask = 0777
> force directory security mode = 0
> 
> =============================================================================
> Please Share Your knowledge to solve this problem...
>  Thank You in Advance,
> 
> --
> regards,
> Jerrynikki
> 
> -------------------------------------------------------------------------------


-- 
--------------------------------------
Markus Klimke
Technische Universität Hamburg-Harburg
AB Modellierung und Berechnung
Denickestr. 17, Raum 3043
21073 Hamburg

Tel.: 040/42878-4482
--------------------------------------

