[Samba] Samba Folder Permissions

L.P.H. van Belle belle at bazuin.nl
Thu Jan 5 01:56:15 MST 2012


the try this, 

[groups]
    writable = yes
    path = /home/groups
    force group = users
    comment = All group folders
    create mode = 660
    directory mode = 770
    vfs object = acl_xattr  





>-----Oorspronkelijk bericht-----
>Van: stefan at hornings.de [mailto:samba-bounces at lists.samba.org] 
>Namens Stefan Horning
>Verzonden: 2012-01-03 15:06
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Samba Folder Permissions
>
>Hello list members,
>my name is Stefan, this is my first post to this Mailinglist, 
>so please 
>bear with me. ;)
>I am working as a Network Administrator of a small Office Network. We 
>use Debian Server as Samba PDC and Fileserver.
>The Domain runs pretty well with all the Windows 7 Clients. I 
>have just 
>one thing that bugs me.
>In the groupshare we set up, users can only access folders that are 
>world readable, for some reason. As a temporary fix I put all 
>users into 
>the Domain Admin group, so they can at least use the groupshare.
>
>But first of all you probably want to know the details. The Samba 
>Version is 3.5.6
>
>This is my smb.conf:
>-----------------------------------------------------------------
>[global]
>    netbios name = SCM-SRV-01
>    server string = Domain Server (%h)
>    workgroup = SCM
>    interfaces = eth1 eth2 eth3
>    bind interfaces only = yes
>    security = user
>    encrypt passwords = true
>    passdb backend = tdbsam
>    obey pam restrictions = yes
>    unix password sync = yes
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
>*Retype\snew\sUNIX\spassword:* %n\n .
>    local master = yes
>    preferred master = yes
>    os level = 200
>    domain master = yes
>    domain logons = yes
>    logon path = \\%L\%U\profile
>    logon drive = h:
>    logon script = login.bat
>    profile acls = yes
>    hide files = 
>/desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/AppData/profile.V2/
>    hide dot files = yes
>    wins support = no
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    socket options = TCP_NODELAY
>
>#======================= Share Definitions =======================
>
>[homes]
>    comment = Home Directories
>    browseable = no
>    valid users = %S
>    writeable = yes
>    create mode = 0600
>    directory mode = 0700
>
>[netlogon]
>    comment = Network Logon Service
>    path = /home/samba/netlogon
>    guest ok = yes
>    writeable = no
>    share modes = no
>
>[groups]
>    writable = yes
>    path = /home/groups
>    force group = users
>    comment = All group folders
>    create mode = 660
>    directory mode = 770
>-----------------------------------------------------------------------
>
>Output of net groupmap list:
>
>Domain Users (S-1-5-21-2431676908-1022338963-3230702413-513) -> users
>Domain Guests (S-1-5-21-2431676908-1022338963-3230702413-514) -> guests
>Domain Admins (S-1-5-21-2431676908-1022338963-3230702413-512) 
>-> domainadmin
>-----------------------------------------------------------------------
>
>Like I said everyting works well, except the permissions in the share 
>[groups].
>
>All linux (and therefore domain) users are in the primary group users. 
>All the employees are in the group 'mitarbeiter'.
>
>So if I set /home/groups to
>drwxr-x-- 11 root users 4096  2. Jan 13:08 groups/
>the share is not accessible. Eventhough alle users are in the group 
>users and should therefore be able to read that folder.
>If I put users into the domainadmin group, group permissions work as 
>expected. All employees can access subfolders of groups which are 
>readable to mitarbeiter (but not others they have no permissions for) 
>and can also read the content of /home/groups. So the mapping of unix 
>groups from Windows7 works without problems.
>
>Folder permission in Samba can only be realized if I make 
>folders world 
>readable, which is not what I want for all folders.
>
>After extensive internet research I could not figure out what 
>I am doing 
>wrong. I also had similar samba setups where unix group permissions 
>always where correctly used in samba.
>
>I suspect it being a problem with domain groups and there mapping. I 
>also tried to create some samba Domain Groups and map them to 
>the local 
>unix groups, which didn't make a difference either.
>
>So I hope anybody on this list knows what the problem is. I am 
>happy to 
>give more information as needed!
>
>
>Thanks,
>Stefan Horning
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>



More information about the samba mailing list