[Samba] Problems with permissions
Rowland Penny
rowlandpenny at googlemail.com
Sun Jan 18 05:39:08 MST 2015
On 18/01/15 10:01, Dr. Harry Knitter wrote:
> Rowland Penny <rowlandpenny at googlemail.com> schrieb am 18.01.2015:
>> Please don't send PM's, it breaks the thread, how was anybody other than
>> Jeremy to know you sent it ??
> This happened, becaus I got Jeremies mail by PM, too and did not take care to
> send my answer to the list, too. Sorry again
> @ all
> my samba version is 3.6.6.6.-deb7
>
> @ Marc Muehlfeld
> Not having a samba 4 version I tried
> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_POSIX_ACLs
>
>> OK, in which case, can you post your entire smb.conf
>>
> <smb.conf>
> workgroup = mydomain.lan
> server string = %h server
> interfaces = eth0
> bind interfaces only = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
> %n\n *password\supdated\ssuccessfully* .
> unix password sync = Yes
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> name resolve order = lmhosts host wins bcast
> add user script = /usr/sbin/adduser --quiet --disabled-password --gecos
> "" %u
> add group script = /usr/sbin/addgroup --force-badname %g
> add machine script = /usr/sbin/useradd -g machines -c "%u machine
> account" -d /var/lib/samba -s /bin/false %u
> logon drive = H:
> domain logons = Yes
> domain master = Yes
> wins support = no
> panic action = /usr/share/samba/panic-action %d
> admin users = @ntadmin, root
> os level = 64
> log level = 3 smb:5
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> create mask = 0700
> directory mask = 0700
> browseable = No
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> create mask = 0700
> printable = Yes
> print ok = Yes
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
>
> [public]
> path = /home/ldap
> read only = no
> valid users = +users, root
> guest ok = no
> force group = users
> force user = harry
> create mask = 777
> directory mask = 777
> inherit permissions = yes
>
> Unix premissions are set to 2777 according to
> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_POSIX_ACLs
>
> The status quo is from the view of the Windows clients:
>
> No full controll for neither owner group nor everyone in standard permissions.
>
> Only special permissions:
>
> On existing directories:
> owner has full control
> group has full control
> everyone has full control
>
> on existing files
> owner full control and delete not set
> group full control and delete not set
> everyone full control and delete not set
>
> directories created new
> owner has full control
> group has full control
> everyone has full control
>
> files crated new
> owner full control and delete not set
> group full control, search/execute, delete, change permissions, take ownership
> not set
> everyone same as group
>
> New created directories have unix permissions according to directory mask.
> New created files have 766 (create mask is 777).
>
> When connecting as othe user than owner, e.g. root/Administrator.
> the ownership of new directories and files is root (force user is not done).
>
> Trying to change permissions from Windows clients shows no effect.
>
> Hope this will help you to help me. Thanks.
>
> Harry
>
> --
> no PMs please, I am reading the list
Lets deal with the obvious first, your workgroup name, you give it as
'mydomain.lan' , now is that the actual workgroup name ? If so, then it
shouldn't have the dot '.' in it, but if it is a replacement for your
domain, is your domain longer than 15 characters ? Sort this problem and
see if it works, the other thing to check, have you done the registry
changes ? see here:
https://wiki.samba.org/index.php/Registry_changes_for_NT4-style_domains
Rowland
More information about the samba
mailing list