[Samba] Samba vs Linux file permissions
John Maher
john at chem.umass.edu
Fri Jun 3 09:37:14 MDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/03/2011 10:15 AM, Robert W. Smith wrote:
...
> And, is /lab/chemgroup a local disk volume or a remote NSF volume? Doing
> a double mount SMB --> NFS --> Local Vol is not recommended owing to the
> way NFS itself handles permissions.
Bob, I forgot to respond to this part. No, I'm not using NSF. That mount
point is an LVM logical volume on a single RAID5 array.
>
> Also I would recommend that you consider upgrading to the latest 3.5.X
> branch of Samba and consider enabling ACLs and extended User Attributes
> on the underlying volumes. Although adding Posix ACls does add
> complexity to the mix in the end you get a more secure environment and
> less Windows-to-Linux permission problems and confusion.
There's resistance in my department to install applications using source
rather than Ubuntu packages. For now, I need to stick with the version
we have unless it becomes clear that the version change would make the
difference.
I've been wondering about extended User Attributes and whether or not
they are worth the effort. It sounds like you believe they are worth
it. I'll look into it. Thanks.
John
>
> Bob
> --bs
>
> On Thu, 2011-06-02 at 10:36 -0400, John Maher wrote:
> Hello,
>
> I cannot find anything in the documentation or mailing list that
> addresses this oddity.
>
> I've installed Samba Version 3.4.7 on Ubuntu Server 10.04, and I'm
> utterly confused by samba's behavior regarding permissions.
>
> Users on the server have home directories in /home/chemgroup/username.
> (chemgroup is actually a symlink to another volume mounted at
> /labs/chemgroup.) Permissions on /lab/chemgroup are:
>
> drwxrwx--- username chemgroup /labs/chemgroup
>
> Permissions on /lab/group/username are:
>
> drwxr-x--- username chemgroup /labs/chemgroup/username
>
> Clearly, username has rights to write to /home/chemgroup/username, and
> can do so just fine via ssh.
>
> The Samba share is configured as follows:
>
> [chemgroup]
> comment = Chemistry Group Share
> path = /home/chemgroup
> valid users = @chemgroup
> public = no
> browseable = no
> writeable = yes
> printable = no
> force group = chemgroup
> create mask = 0660
> directory mask = 0770
>
> Note, username is a member of chemgroup.
>
> username can connect to \\server\chemgroup and can create new files and
> directories there. And username can navigate to the username folder
> within chemgroup. BUT, here's where it gets weird . . . username can
> create a new file within the chemgroup\username folder, but they cannot
> even change the name of the file they just created. And they can't
> delete the file they just created (and couldn't rename).
>
> This same behavior is even presented with Home directories, with the
> homes section looking like this:
>
> [homes]
> comment = Home Directories
> browseable = no
> read only = no
> create mask = 0640
> directory mask = 0750
> valid users = %S
>
> Thank you for any help or guidance.
>
> John
>
>>
- --
* - - - - * - - - - * - - - - * - - - - * - - - - * - - - - * - - - - *
John Maher
Senior Systems and Network Administrator
Department of Biochemistry & Molecular Biology and
Department of Chemistry
University of Massachusetts - Amherst
voice: 413-577-3120 fax: 413-545-4490
OpenPGP Key ID: 0x2970A144
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3o/6oACgkQG+X1pClwoUTCZgCgw/dIZ+1UbmmeV7YCK9kvogJE
W7kAn0Y+5n3IWlg/HHE3WB9st7+Kyg7g
=ZS6w
-----END PGP SIGNATURE-----
More information about the samba
mailing list