[Samba] share rights question

Dale Schroeder dale at BriannasSaladDressing.com
Thu Nov 7 12:24:37 MST 2013 

Louis,

Have you tried adding "valid users = @"DOMAIN\admingroup1"

Dale


On 11/07/2013 9:54 AM, L.P.H. van Belle wrote:
> Hai,
>
> I really need these options,  :-((
>
>> create mode = 770
>> lose directory mode for the moment.
> this is because of some automated processed on multiple linux servers, and access from windows users.
>
>>>          read list = @"DOMAIN\admingroup1"
>>>          write list = @"DOMAIN\admingroup1"
>>>          force user = dbowner
>>>          force group = dbgroup
>>>          create mode = 666
>>>          directory mode = 777
>
> This is why im using the windows group to allow/deny access.
>
> my question is, how can i make it work, so a windows user, not member of the group admingroup1 ,
> cannot access the share at all.
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: steve [mailto:steve at steve-ss.com]
>> Verzonden: dinsdag 5 november 2013 15:53
>> Aan: L.P.H. van Belle
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] share rights question
>>
>> On Tue, 2013-11-05 at 14:41 +0100, L.P.H. van Belle wrote:
>>> hai,
>>>   
>>> I have a question, and im not seeing it..
>>> samba version 3.6.6 , ldap connected for auth, domain member.
>>>   
>>> I have this share.
>>> [db]
>>>          comment = DB Share
>>>          path = /db
>>>          browseable = yes
>>>          writeable = yes
>>>          wide links = yes
>>>          follow symlinks = yes
>>>          read list = @"DOMAIN\admingroup1"
>>>          write list = @"DOMAIN\admingroup1"
>>>          force user = dbowner
>>>          force group = dbgroup
>>>          create mode = 666
>>>          directory mode = 777
>>>
>>> in smb.conf      security = domain
>>> all users of admgroup1 can write, thats ok.
>>> Now im testing, and a user not member of admingroup1 is able
>> to access and write in this share.
>>>   
>>> I'm not seeing whats wrong.
>>> i've read :
>> http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
>>> but still, i dont understand why the userX, not member of
>> admingroup1 still can write in the share.
>>>   
>>> any advices?
>>>   
>>> Louis
>>>   
>> Hi
>> Try:
>> create mode = 770
>>
>> lose directory mode for the moment.
>> HTH
>> Steve
>>
>>
>>

More information about the samba mailing list