[Samba] Am I going about this all the wrong way?[Scanned]

David Greenhall david.greenhall at praybourne.co.uk
Thu Jan 25 09:18:26 GMT 2007


Here are the permissions for the relevant folders / links

Folder1:
drwxrws---  17 root	Domadmin 4096 Jan 24 15:57 ./
	|-------[Softwarefolder]
	drwxrwsrwx  17 root Domusers       4096 Jan 24 10:25 ./

[AccountsFolder]
drwxrwx---   3 root     Accounts   4096 Jan 25 06:38 ./
	|---------------[SymbolicLink1] - Linked to folder1/softwarefolder
	lrwxrwxrwx   1 root     root         20 Jan 25 06:38 XEB -> /var/samba/Progs/Softwarefolder/

[SalesFolder]
drwxrwx---   3 root     Sales   4096 Jan 25 06:38 ./
	|---------------[SymbolicLink1] - Linked to folder1/softwarefolder
	lrwxrwxrwx   1 root     root         20 Jan 25 06:38 XEB -> /var/samba/Progs/Softwarefolder/




-----Original Message-----
From: Rune Tønnesen [mailto:rune at tonnesen.org] 
Sent: 24 January 2007 17:17
To: David Greenhall
Subject: [NOT IN WHITELIST] Re: [Samba] Am I going about this all the wrong way?[Scanned]


Do you have the correct unix permissions on the shared group folders 
e.g. 0770

Venlig Hilsen (Best Regards)
stud. med. Rune Tønnesen



David Greenhall skrev:
> Sorry for the title, but couldnt think how to word it.
>  
> Basically we have a piece of software that all departments in our 
> company uses, placed on the samba server but runs from windows. Because different departments use other items on the server which will differ depending on who needs them this is what i have done:
>  
>        [AccountsFolder] |---------------[SymbolicLink1] - Linked to 
> folder1/softwarefolder
>  
> [folder1] - Contains the software for all
>     |-------[Softwarefolder]
>  
>        [SalesFolder] |---------------[SymbolicLink2] - Linked to 
> folder1/softwarefolder
>  
> The Folder1 is owned by domain admins
> AccountsFolder owned by Accounts
> and Salesfolder owned by Sales.
>  
> [smb.conf]
>  
> [Accounts]
>  browseable = no
>  inherit permissions = Yes
>  delete readonly = Yes
>  writeable = yes
>  valid users = @Accounts
>  path = /var/samba/Accounts
>  force group = Accounts
>  
> [Sales]
>  browseable = no
>  inherit permissions = Yes
>  delete readonly = Yes
>  writeable = yes
>  valid users = @Sales
>  path = /var/samba/Sales
>  force group = Sales
>  
> However, when i check the connections using webmin, there are users in 
> accounts who have connections open from sales and visa versa. This I was hoping someone could enlighten me on. I cannot figure out how they can gain access to a share that they have no permissions to open. When I browse from their machines to try and open the other shares its as you would expect [Access Denied]
>  
> So basically im wondering if i am going about this all the wrong way, 
> and maybe someone could hint at a better way.
>  
> Thanks
> Dave
>  
> ___________________
> Systems Administrator
> Praybourne Limited
>  
> Tel: +44 (0) 870 2420004
> Fax: +44 (0) 1527 68780
>  
>   



More information about the samba mailing list