[Samba] weird permissions issue
JJB
onephatcat at earthlink.net
Wed Jun 17 23:15:26 GMT 2009
Recently some folks in our engineering group started encountering a
problem where they can't write to or alter files or folders they did not
create.
Anyone know what could be causing this type of problem? The users having
the problem are all in the eng group in /etc/groups. smb.conf for that
share:
smb.conf:
#smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2005-04-04
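[global]
# Server-wide settings; the share sections further down add per-share rules.
workgroup = WORKGROUP
netbios name = int-samba
server string = int-samba Fileserver
# Maps client-supplied user names to UNIX accounts, so this file decides who a
# client becomes; it should be writable by root only.
username map = /etc/samba/smbusers
# Logins with an unknown user name are mapped to the guest account instead of
# being rejected. "map to guest = Never" turns that off if guests are unwanted.
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
# Rejoined onto one line: the posted copy was wrapped after "-d", which
# truncates the script and leaves the remainder as a malformed line.
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = Yes
# Every connection must authenticate as a user before any share is reached.
security = user
idmap gid = 10000-20000
idmap uid = 10000-20000
wins support = yes
remote browse sync = 10.17.100.11
# Flat-file password database; tdbsam is the usual replacement on a
# standalone server.
passdb backend = smbpasswd
preferred master = yes
local master = yes
os level = 255
socket options = IPTOS_LOWDELAY TCP_NODELAY
# Level 1 logs very little. Raising it temporarily while reproducing an
# "access denied" shows which user and group smbd actually used.
log level = 1
# NOTE(review): "interfaces" alone does not limit where smbd listens; that
# needs "bind interfaces only = yes". "hosts allow" can restrict client
# networks. Neither is set in this section.
interfaces = 192.168.1.2/24
kernel oplocks = yes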
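## Share disabled by YaST
# NOTE(review): the marker above is stale for this section - [homes] below is
# not commented out and is therefore active.
[homes]
comment = Home Directories
# %S is the share name, which for [homes] is the user name, so each home
# directory is reachable only by its owner.
valid users = %S
browseable = No
read only = No
inherit acls = Yes
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes
# NOTE(review): the two mask settings described below are commented out, so
# the stated 0700 is not what is in force; Samba's built-in defaults
# (create mask 0744, directory mask 0755) apply instead.
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group = rw permissions, set next parameter to 0775.
# create mask = 0775
#
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
# directory mask = 0700
# directory mode = 0700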
## Share disabled by YaST
# [profiles]
# comment = Network Profiles Service
# path = %H
# read only = No
# store dos attributes = Yes
# create mask = 0600
# directory mask = 0700
## Share disabled by YaST
# [users]
# comment = All users
# path = /home
# read only = No
# inherit acls = Yes
# veto files = /aquota.user/groups/shares/
# comment = Users share (from Miles)
# inherit acls = Yes
# path = /data/IT/engineering/Users
# read only = No
# valid users = @it @eng
# force group = eng
# create mask = 0664
# directory mask = 0775
# ## recycle bin config ##
# vfs objects = recycle
# recycle:repository = .Recycler
# recycle:keeptree = Yes
# recycle:versions = Yes
## Share disabled by YaST
# [groups]
# comment = All groups
# path = /home/groups
# read only = No
# inherit acls = Yes
## Share disabled by YaST
# [printers]
# comment = All Printers
# path = /var/tmp
# printable = Yes
# create mask = 0600
# browseable = No
## Share disabled by YaST
# [print$]
# comment = Printer Drivers
# path = /var/lib/samba/drivers
# write list = @ntadmin root
# force group = ntadmin
# create mask = 0664
# directory mask = 0775
[nobackup]
# Share at /data/nobackup for user mainshare and groups it and webdev.
# NOTE(review): there is no "force group" here, so new files keep each
# creator's own primary group. The 0664/0775 masks then give group write only
# to that group, which may not contain the other users of the share.
comment = nobackup
inherit acls = Yes
path = /data/nobackup
read only = No
valid users = mainshare @it @webdev
create mask = 0664
directory mask = 0775
[it]
# IT team share: only members of group it may connect, and everything they
# create is assigned group it.
comment = IT
inherit acls = Yes
path = /data/IT/IT-share
read only = No
valid users = @it
force group = it
create mask = 0664
directory mask = 0775
## recycle bin config ##
# Deleted files are moved to .Recycler inside the share rather than removed.
# Nothing in this section caps the repository's size or age, so deleted data
# stays readable there until it is purged by other means.
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes
[htdocs]
# Intranet web content, writable by groups it and webdev.
comment = Intranet Web Area
inherit acls = Yes
path = /data/IT/htdocs
read only = No
valid users = @it @webdev
# Every file operation runs as wwwrun regardless of who connected: the files
# are owned by that account, and the filesystem keeps no record of which
# person made a change.
# NOTE(review): if wwwrun is also the account the web server runs as, the
# served content is writable by the web server process itself - confirm that
# this is intended.
force user = wwwrun
force group = mycompany
create mask = 0664
directory mask = 0775
## recycle bin config ##
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes
[svn]
# Read-only view of the Subversion repository storage for group it.
# "read only = Yes" keeps clients from changing repository files behind
# Subversion's back; the two masks have no effect while the share stays
# read-only.
comment = Subversion repositories
inherit acls = Yes
path = /data/IT/svn/
read only = Yes
valid users = @it
force group = mycompany
create mask = 0664
directory mask = 0775
[mysql]
# Read-only view of /data/IT/mysql for group it.
comment = Mysql databases
inherit acls = Yes
path = /data/IT/mysql
read only = Yes
valid users = @it
# All access runs as the mysql account, so every connected member of it can
# read whatever that account can read under the path.
# NOTE(review): if this is the live data directory, that includes the server's
# own account tables, and files copied from a running server may be
# inconsistent - confirm that raw file access is really needed.
force user = mysql
force group = mysql
create mask = 0660
directory mask = 0775
[backups]
# Database backup area, writable by group it only.
# NOTE(review): "create mask = 0664" leaves the read bit for "other" on new
# files, so local accounts outside group it can read them unless the
# directory permissions above the files prevent it. 0660 / 0770 would match
# the stricter mask used for the [mysql] share.
comment = MySQL Database backups
inherit acls = Yes
path = /data/IT/backups
read only = No
valid users = @it
force group = it
create mask = 0664
directory mask = 0775
[eng-parent]
# IT-only entry point to /data/IT/engineering/, the directory that contains
# the paths of the engineering shares defined after it. Anything created here
# is assigned group eng, the same group those shares force.
# NOTE(review): this is a second route to the same files with a different
# access list; permission or ACL changes made through it affect what eng
# members see in the per-team shares.
comment = Parent of all engineering shares
inherit acls = Yes
path = /data/IT/engineering/
read only = No
valid users = @it
force group = eng
create mask = 0664
directory mask = 0775
[engweb]
# Engineering share open to groups it and eng. "force group = eng" makes eng
# the group of every file and directory created through this share, so the
# group-write bit allowed by the masks applies to all eng members.
comment = Engineering share
inherit acls = Yes
path = /data/IT/engineering/engweb
read only = No
valid users = @it @eng
force group = eng
create mask = 0664
directory mask = 0775
## recycle bin config ##
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes
[devtools]
# Development tools share for groups it and eng; new objects get group eng.
comment = Engineering Development Tools (from Miles)
inherit acls = Yes
path = /data/IT/engineering/DevTools
read only = No
valid users = @it @eng
force group = eng
# 0664 contains no execute bits, so files written through this share are
# never marked executable on the server side.
create mask = 0664
directory mask = 0775
## recycle bin config ##
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes
[engdownloads]
# Downloads share for groups it and eng; new objects get group eng and may be
# group-writable (files up to 0664, directories up to 0775).
comment = Engineering Downloads
inherit acls = Yes
path = /data/IT/engineering/Downloads
read only = No
valid users = @it @eng
force group = eng
create mask = 0664
directory mask = 0775
## recycle bin config ##
# Deleted files are kept under .Recycler with their directory tree
# (keeptree) and with earlier copies of same-named files (versions).
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes
[engineering]
# Main engineering share for groups it and eng. "force group = eng" assigns
# group eng to everything created through the share, and the masks permit
# group write (files up to 0664, directories up to 0775).
# NOTE(review): these settings only shape objects created through Samba. When
# users cannot change files made by colleagues, check on the server:
#   - mode and group of the affected files (ls -l): files placed there
#     locally or by another service keep that process's umask and group;
#   - default ACLs on the directories (getfacl): with "inherit acls = Yes" a
#     default ACL on the parent directory shapes the permissions of new files;
#   - that the affected accounts really resolve to group eng (id USERNAME).
# "force create mode" and "force directory mode" can guarantee the
# group-write bit where that is the intent.
comment = Engineering share (from Miles)
inherit acls = Yes
path = /data/IT/engineering/Engineering
read only = No
valid users = @it @eng
force group = eng
create mask = 0664
directory mask = 0775
## recycle bin config ##
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes
[pcom]
# PCOM share under the engineering tree, with the same access list (groups it
# and eng), forced group and masks as the other engineering shares here.
comment = PCOM share (from Miles)
inherit acls = Yes
path = /data/IT/engineering/PCOM
read only = No
valid users = @it @eng
force group = eng
create mask = 0664
directory mask = 0775
## recycle bin config ##
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes
[users]
# NOTE(review): this active section holds only recycle-bin settings. It has
# no path, valid users, force group or masks, while a commented-out block
# earlier in the file carries what look like this share's former settings
# (path /data/IT/engineering/Users, force group = eng, create mask = 0664).
# If that block was disabled by a tool, files created here no longer get
# group eng or group write. How a share without a path is treated depends on
# the Samba version; "testparm -s" shows the effective definition.
## recycle bin config ##
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes
[mainshare]
# Company-wide share for user mainshare and groups it, eng, mycompany and
# webdev.
comment = mainshare
inherit acls = Yes
path = /data/mainshare
read only = No
valid users = mainshare @it @eng @mycompany @webdev
# Every operation runs as the single account mainshare, so any connected user
# can change any file, and file ownership never shows who made a change.
# If attribution matters, it has to come from logging (for example the
# full_audit VFS module), not from the filesystem.
force user = mainshare
force group = mycompany
create mask = 0664
directory mask = 0775
## recycle bin config ##
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes
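[Legacy_Data]
# Legacy database share for user mainshare and groups it, eng, mycompany and
# webdev. The duplicate "inherit acls = Yes" line of the posted copy has been
# dropped; the setting is unchanged.
# NOTE(review): the path lies inside /data/mainshare, but unlike [mainshare]
# there is no "force user" here. Files created through this share belong to
# the individual user, files created through [mainshare] belong to account
# mainshare, so the same tree ends up with mixed ownership and access to a
# colleague's file depends entirely on its group-write bit.
comment = Legacy Access DB
inherit acls = Yes
path = /data/mainshare/Manufacturing/Legacy
read only = No
valid users = mainshare @it @eng @mycompany @webdev
force group = mycompany
create mask = 0664
directory mask = 0775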
[Media]
# Share at /data/media with the same access list and forced identity
# (mainshare / mycompany) as the company-wide share.
# NOTE(review): the description shown to clients is "mainshare", apparently
# carried over by copy and paste; a distinct description avoids users picking
# the wrong share.
comment = mainshare
inherit acls = Yes
path = /data/media
read only = No
valid users = mainshare @it @eng @mycompany @webdev
force user = mainshare
force group = mycompany
create mask = 0664
directory mask = 0775
## recycle bin config ##
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes
[Retrospect]
# Share at /media/disk/retrospect, writable by groups it, eng, mycompany and
# webdev; the client-visible description is "mainshare".
# NOTE(review): if this path holds backup sets, every member of those four
# groups can modify or delete them. Backup data is normally writable only by
# the backup account - confirm the access list.
comment = mainshare
inherit acls = Yes
path = /media/disk/retrospect
read only = No
valid users = @it @eng @mycompany @webdev
force group = mycompany
create mask = 0664
directory mask = 0775
## recycle bin config ##
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes
[Doc_IN]
# Document deposit share for manufacturing and engineering.
comment = MFG, Eng Doc deposit
inherit acls = Yes
path = /data/docdeposit
read only = No
valid users = mainshare @it @eng @mycompany @webdev
# All writes run as docdepositor, so every deposited file has the same owner:
# any user of the share can overwrite or delete another user's deposit, and
# ownership does not identify the depositor.
force user = docdepositor
force group = mycompany
create mask = 0664
directory mask = 0775
## recycle bin config ##
vfs objects = recycle
recycle:repository = .Recycler
recycle:keeptree = Yes
recycle:versions = Yes