[Samba] Help pls. -- Samba permission question
J Gao
jgao at veecall.com
Wed Dec 12 18:01:56 MST 2012
On 12-12-12 03:02 PM, Gary Dale wrote:
> On 12/12/12 05:18 PM, J Gao wrote:
>> On 12-12-12 12:52 PM, Gary Dale wrote:
>>> On 12/12/12 02:07 PM, J Gao wrote:
>>>> Thank you Gary for the help.
>>>>
>>>>
>>>> On 12-12-12 09:45 AM, Gary Dale wrote:
>>>>> If you want the CIFS permissions to be set correctly, use the
>>>>> Samba/CIFS
>>>>> tools to set them (ie. set them from the client. Don't set them using
>>>>> Unix permissions on the server).
>>>>
>>>> I don't know if I'm doing it correct. I'm using a bash script to help
>>>> user mount the CIFS share like this:
>>>>
>>>> sudo mount.cifs //fileserver/management/ ${HOME}/fileserver/management
>>>> -o user=${USER},password=$userPass,uid=$UID,rw,mand
>>>>
>>>> Could you give me an example on using Samba/CIFS tools?
>>> That line mounts the share using the credentials you gave it but that
>>> doesn't set the permissions. If you right-click on the share's folder,
>>> you should be able to set the CIFS permissions.
>>>
>>>
>>
>> OK, right-click in natilus works. But how can I set this up by
>> default. I mean once the share mounted, it will set the correct
>> permission to 770 if the user copy files on the share?
>>
>> I read man page for the cifs.mount but I couldn't figure it out myself.
>>
>> Here are more info:
>> 1. The management group has gid=1018 on the server.
>> 2. Once the share mounted on the Ubuntu client, the share's group ID
>> set to numeric 1018. (there isn't a local gid 1018)
>> 3. When copy a file, for example:
>> -rwxr--r-- 1 gao gao 14429 Nov 20 09:56 test
>> to the mounted share, the permission appears to be:
>> -rwxrwxr-- 1 gao 1018 14429 Nov 20 09:56 test
>> And I check it on the Samba server:
>> -rwxrwxr-- 1 gao management 14429 Nov 20 09:56 test
>> So the permission changed to 774, not 770. I think somehow it combined
>> the permission here.
>> Just like you said, I can change it to 770 from the right-click. But I
>> prefer to do it automatically.
>>
>> Please help.
>>
>> Thanks a lot.
>>
>> Gao
>
> If you have the domain created correctly, the Samba database keeps the
> CIFS permissions. The Unix permissions aren't needed. Keep in mind that
> the two sets of permissions are distinct. If you set the CIFS
> permissions they are remembered. Checking the Unix permissions to see
> what the CIFS permissions are doesn't work.
>
> Having a Unix group called management isn't helpful unless it maps to a
> CIFS group. For example, most Samba users map the CIFS "Domain Users" to
> the Unix "users". This is in the Samba documentation. The 1018 simply
> shows that there is no CIFS group recognized for 1018 (don't forget, you
> are forcing the group - probably not what you really want to do).
>
> You really want to set up a CIFS group called management and add CIFS
> users to it.
>
> Samba maps CIFS users to Unix users if the name is the same.
>
> Have you tried using SWAT to manage your users and shares? It makes
> things easier if you don't have a Windows client to work from.
>
>
Looks like I need more reading. I googled for "CIFS group" and got lots
oracle/silaris but not much for linux. WHen you say "CIFS group", do you
mean a local group on the client PC?
Also I quickly installed SWAT and I can't find anywhere about CIFS group.
Gao
>>
>>>>
>>>>
>>>>
>>>>>
>>>>> Your example shows you setting the group to managegroup but your
>>>>> smb.conf forces the group to management. Which is it?
>>>>
>>>> my typo. I want make clear so I change the group name to managegroup.
>>>> The actual group name it the same "managment" which I think may cause
>>>> confusion when I post my question. Sorry.
>>>>
>>>> Bets Regards.
>>>>
>>>> Gao
>>> So is your user a member of management? Rather than forcing the group to
>>> management, you could just add members to the group.
>>>
>>> Also, when you set the Unix ownership and permissions too tightly, you
>>> may prevent Samba from accessing the share properly. Since the share
>>> directories and files are to be accessed only through CIFS/Samba, the
>>> Unix permissions can and should be very loose. My shares all have Unix
>>> permissions with everyone having rwx access.
>>>
>>>
>>>>
>>>>
>>>>>
>>>>> The last line in your server commands I believe should be chmod, not
>>>>> chowm.
>>>>>
>>>>>
>>>>> On 12/12/12 12:21 PM, J Gao wrote:
>>>>>> Hi, All,
>>>>>>
>>>>>> I'm having a problem with my samba server(v3.6.9) setup. I have a
>>>>>> share on the server:
>>>>>>
>>>>>> #cd /
>>>>>> #mkdir managment
>>>>>> #chown -R root:managegroup management
>>>>>> #chowm -R 2770 management
>>>>>>
>>>>>> When I test this I found out:
>>>>>> the managegroup member can create new file/dir with the correct
>>>>>> permission: -rwxrws--- or drwxrws---
>>>>>>
>>>>>> BUT, when the client copy a file or dir to the share from his local
>>>>>> drive, then some file/dir will have different the permission when it
>>>>>> coiped to the Samba share. (for example, drwxrwxr-x)
>>>>>>
>>>>>> We have both Windows and Ubuntu client. Ubuntu client use cifs.mount
>>>>>> to access the Samba share.
>>>>>>
>>>>>> Here is my smb.conf file. Please help me. All I want is when and file
>>>>>> and/or dir end up on the samba share, it should have 770 permission.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> Gao
>>>>>>
>>>>>>
>>>>>> my smb.conf:
>>>>>> ============================================
>>>>>> [global]
>>>>>> workgroup = WORKGROUP
>>>>>> server string = My File Server
>>>>>> interfaces = lo bond0 192.168.1.2/24
>>>>>> hosts allow = 127. 192.168.1.
>>>>>> log file = /var/log/samba/log.%m
>>>>>> max log size = 1000
>>>>>> security = user
>>>>>> passdb backend = tdbsam
>>>>>> guest account = nobody
>>>>>> map to guest = Bad User
>>>>>> wins support = yes
>>>>>> dns proxy = no
>>>>>> map acl inherit = yes
>>>>>> nt acl support = yes
>>>>>> load printers = no
>>>>>> printing = bsd
>>>>>> printcap name = /dev/null
>>>>>> disable spoolss = yes
>>>>>> create mask = 0770
>>>>>> force security mode = 0770
>>>>>> force create mode = 0770
>>>>>> directory mask = 0770
>>>>>> force directory mode = 0770
>>>>>>
>>>>>> [Management]
>>>>>> comment =
>>>>>> path = /management
>>>>>> browsable = yes
>>>>>> public = no
>>>>>> writable = yes
>>>>>> read only = no
>>>>>> force group = management
>>>>>> valid users = @management
>>>>>>
>>>>>> ========================================
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>
--
More information about the samba
mailing list