[Samba] Help pls. -- Samba permission question

Gary Dale garydale at torfree.net
Wed Dec 12 16:02:48 MST 2012


On 12/12/12 05:18 PM, J Gao wrote:
> On 12-12-12 12:52 PM, Gary Dale wrote:
>> On 12/12/12 02:07 PM, J Gao wrote:
>>> Thank you Gary  for the help.
>>>
>>>
>>> On 12-12-12 09:45 AM, Gary Dale wrote:
>>>> If you want the CIFS permissions to be set correctly, use the 
>>>> Samba/CIFS
>>>> tools to set them (ie. set them from the client. Don't set them using
>>>> Unix permissions on the server).
>>>
>>> I don't know if I'm doing it correct. I'm using a bash script to help
>>> user mount the CIFS share like this:
>>>
>>> sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management
>>> -o user=${USER},password=$userPass,uid=$UID,rw,mand
>>>
>>> Could you give me an example on using Samba/CIFS tools?
>> That line mounts the share using the credentials you gave it but that
>> doesn't set the permissions. If you right-click on the share's folder,
>> you should be able to set the CIFS permissions.
>>
>>
>
> OK, right-click in natilus works. But how can I set this up by 
> default. I mean once the share mounted, it will set the correct 
> permission to 770 if the user copy files on the share?
>
> I read man page for the cifs.mount but I couldn't figure it out myself.
>
> Here are more info:
> 1. The management group has gid=1018 on the server.
> 2. Once the share mounted on the Ubuntu client, the share's group ID 
> set to numeric 1018. (there isn't a local gid 1018)
> 3. When copy a file, for example:
> -rwxr--r--  1 gao gao    14429 Nov 20 09:56 test
> to the mounted share, the permission appears to be:
> -rwxrwxr--  1 gao 1018      14429 Nov 20 09:56 test
> And I check it on the Samba server:
> -rwxrwxr--  1 gao management      14429 Nov 20 09:56 test
> So the permission changed to 774, not 770. I think somehow it combined 
> the permission here.
> Just like you said, I can change it to 770 from the right-click. But I 
> prefer to do it automatically.
>
> Please help.
>
> Thanks a lot.
>
> Gao

If you have the domain created correctly, the Samba database keeps the 
CIFS permissions. The Unix permissions aren't needed. Keep in mind that 
the two sets of permissions are distinct. If you set the CIFS 
permissions they are remembered. Checking the Unix permissions to see 
what the CIFS permissions are doesn't work.

Having a Unix group called management isn't helpful unless it maps to a 
CIFS group. For example, most Samba users map the CIFS "Domain Users" to 
the Unix "users". This is in the Samba documentation. The 1018 simply 
shows that there is no CIFS group recognized for 1018 (don't forget, you 
are forcing the group - probably not what you really want to do).

You really want to set up a CIFS group called management and add CIFS 
users to it.

Samba maps CIFS users to Unix users if the name is the same.

Have you tried using SWAT to manage your users and shares? It makes 
things easier if you don't have a Windows client to work from.


>
>>>
>>>
>>>
>>>>
>>>> Your example shows you setting the group to managegroup but your
>>>> smb.conf forces the group to management. Which is it?
>>>
>>> my typo. I want make clear so I change the group name to managegroup.
>>> The actual group name it the same "managment" which I think may cause
>>> confusion when I post my question. Sorry.
>>>
>>> Bets Regards.
>>>
>>> Gao
>> So is your user a member of management? Rather than forcing the group to
>> management, you could just add members to the group.
>>
>> Also, when you set the Unix ownership and permissions too tightly, you
>> may prevent Samba from accessing the share properly. Since the share
>> directories and files are to be accessed only through CIFS/Samba, the
>> Unix permissions can and should be very loose. My shares all have Unix
>> permissions with everyone having rwx access.
>>
>>
>>>
>>>
>>>>
>>>> The last line in your server commands I believe should be chmod, not
>>>> chowm.
>>>>
>>>>
>>>> On 12/12/12 12:21 PM, J Gao wrote:
>>>>> Hi, All,
>>>>>
>>>>> I'm having a problem with my samba server(v3.6.9) setup. I have a
>>>>> share on the server:
>>>>>
>>>>> #cd /
>>>>> #mkdir managment
>>>>> #chown -R root:managegroup management
>>>>> #chowm -R 2770 management
>>>>>
>>>>> When I test this I found out:
>>>>> the managegroup member can create new file/dir with the correct
>>>>> permission: -rwxrws--- or drwxrws---
>>>>>
>>>>> BUT, when the client copy a file or dir to the share from his local
>>>>> drive, then some file/dir will have different the permission when it
>>>>> coiped to the Samba share. (for example, drwxrwxr-x)
>>>>>
>>>>> We have both Windows and Ubuntu client. Ubuntu client use cifs.mount
>>>>> to access the Samba share.
>>>>>
>>>>> Here is my smb.conf file. Please help me. All I want is when and file
>>>>> and/or dir end up on the samba share, it should have 770 permission.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Gao
>>>>>
>>>>>
>>>>> my smb.conf:
>>>>> ============================================
>>>>> [global]
>>>>>         workgroup = WORKGROUP
>>>>>         server string = My File Server
>>>>>         interfaces = lo bond0 192.168.1.2/24
>>>>>         hosts allow = 127. 192.168.1.
>>>>>         log file = /var/log/samba/log.%m
>>>>>         max log size = 1000
>>>>>         security = user
>>>>>         passdb backend = tdbsam
>>>>>         guest account = nobody
>>>>>         map to guest = Bad User
>>>>>         wins support = yes
>>>>>         dns proxy = no
>>>>>         map acl inherit = yes
>>>>>         nt acl support = yes
>>>>>         load printers = no
>>>>>         printing = bsd
>>>>>         printcap name = /dev/null
>>>>>         disable spoolss = yes
>>>>>         create mask = 0770
>>>>>         force security mode = 0770
>>>>>         force create mode = 0770
>>>>>         directory mask = 0770
>>>>>         force directory mode = 0770
>>>>>
>>>>> [Management]
>>>>>     comment =
>>>>>         path = /management
>>>>>         browsable = yes
>>>>>         public = no
>>>>>         writable = yes
>>>>>         read only = no
>>>>>         force group = management
>>>>>         valid users = @management
>>>>>
>>>>> ========================================
>>>>>
>>>>
>>>
>>>
>>
>
>



More information about the samba mailing list