From: Сергей on
Hello, Bino!

> I use webmin to do the samba PDC configuration
IMHO, insufficient
>
> [warehouse]
> comment = Files of warehouse
> writeable = yes
> path = /hdd2/samba/groupfiles/warehouse
>
> When I create that share via webmin I use these options:
> a. mode : 775
> b. Create user : Root
> c. Create Group : warehouse.
>
> 4. From my XP station, I log in to that domain with user name "wh01",
> the result is:
> a. Successful login
> b. wh01 can create a file in the home directory (/home/wh01)

>
> But, wh01 can not write file to share "warehouse"
Which permissions does the new file get? Maybe 644? :)
IMHO, the user has the right to write to the directory, but does not have the right to write to the file.
Look in man smb.conf for "force create mode", "force directory mode" or http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permissions

Bye. Serg


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Bino Oetomo on
Dear Serg and All
Сергей wrote:
> Hello, Bino!
>
>
>> I use webmin to do the samba PDC configuration
>>
> IMHO, insufficient
>
Agree ...
I did some direct edit to conf file

>> [warehouse]
>> comment = Files of warehouse
>> writeable = yes
>> path = /hdd2/samba/groupfiles/warehouse
>>
>> When I create that share via webmin I use these options:
>> a. mode : 775
>> b. Create user : Root
>> c. Create Group : warehouse.
>>
>> 4. From my XP station, I log in to that domain with user name "wh01",
>> the result is:
>> a. Successful login
>> b. wh01 can create a file in the home directory (/home/wh01)
>>
>
>
>> But, wh01 can not write file to share "warehouse"
>>
> Which permissions does the new file get? Maybe 644? :)
> IMHO, the user has the right to write to the directory, but does not have the right to write to the file.
> Look in man smb.conf for "force create mode", "force directory mode" or http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permissions
>
>

Thank you for your enlightenment

I read that documentation, but I don't want the user to be able to execute
things in the directory.
So I changed the share to:
[warehouse]
create mode = 660
path = /hdd2/samba/groupfiles/warehouse
directory mode = 660
force group = warehouse

(and the directory is auto created with user:group as root:warehouse)

Still the user with group "warehouse" can not access (even just "open")
the directory

so I try to delete the share ... manually remove the dir, and re-create
the share (and dir) with:
[warehouse]
create mode = 760
path = /hdd2/samba/groupfiles/warehouse
directory mode = 760
force group = warehouse

Still the user with group "warehouse" can not access (even just "open")
the directory

Again, I try to delete the share ... manually remove the dir, and
re-create the share (and dir) with:
[warehouse]
create mode = 770
path = /hdd2/samba/groupfiles/warehouse
directory mode = 770
force group = warehouse


And ... voila ... the user can access (read-write) the share ...
But it means that the user can also "execute" something inside the
directory ... right?

Why do we need the "execute" bit in the directory permission just to let
the user "read and write only"?

Just fyi, my system is based on :
++ Ubuntu Jaunty
++ Samba 3.32

Sincerely
-bino-
From: Brian H. Nelson on
Bino Oetomo wrote:
> And ... voila ... the user can access (read-write) the share ...
> But it means that the user can also "execute" something inside the
> directory ... right?
>
> Why do we need the "execute" bit in the directory permission just to let
> the user "read and write only"?
>

That is how UNIX filesystem permissions work. 'Execute' on a directory
allows traversal of (ie access into) the directory.

From Wikipedia (http://en.wikipedia.org/wiki/File_system_permissions):
There are three specific permissions on Unix-like systems that apply to
each class:
* The read permission, which grants the ability to read a file. When
set for a directory, this permission grants the ability to read the
names of files in the directory (but not to find out any further
information about them such as contents, file type, size, ownership,
permissions, etc.)
* The write permission, which grants the ability to modify a file.
When set for a directory, this permission grants the ability to modify
entries in the directory. This includes creating files, deleting files,
and renaming files.
* The execute permission, which grants the ability to execute a
file. This permission must be set for executable binaries (for example,
a compiled c++ program) or shell scripts (for example, a Perl program)
in order to allow the operating system to run them. When set for a
directory, this permission grants the ability to traverse its tree in
order to access files or subdirectories, but not see files inside the
directory (unless read is set).


Search Google for "unix permissions" if you need more understanding.

-Brian

From: Bino Oetomo on
Dear Brian and all

Thank you for your fast enlightenment

Brian H. Nelson wrote:
> Bino Oetomo wrote:
>> And ... voila ... the user can access (read-write) the share ...
>> But it means that the user can also "execute" something inside the
>> directory ... right?
>>
>> Why do we need the "execute" bit in the directory permission just to let
>> the user "read and write only"?
>>
>
> That is how UNIX filesystem permissions work. 'Execute' on a directory
> allows traversal of (ie access into) the directory.
>


Understood.
I knew that every "execute" will need "read", that's why every
allow-execute will consequently allow-read.


But what if I need allow-write (consequently will allow-read) + deny-execute?
AFAIK it will be "6" or "2" in the permission bits, right?


Sincerely
-bino-
From: Dale Schroeder on
On 01/05/2010 10:00 PM, Bino Oetomo wrote:
> Dear Brian and all
>
> Thank you for your fast enlightenment
>
> Brian H. Nelson wrote:
>> Bino Oetomo wrote:
>>> And ... voila ... the user can access (read-write) the share ...
>>> But it means that the user can also "execute" something inside the
>>> directory ... right?
>>>
>>> Why do we need the "execute" bit in the directory permission just to
>>> let the user "read and write only"?
>>>
>> That is how UNIX filesystem permissions work. 'Execute' on a
>> directory allows traversal of (ie access into) the directory.
>
> Understood.
> I knew that every "execute" will need "read", that's why every
> allow-execute will consequently allow-read.
>
> But what if I need allow-write (consequently will allow-read) +
> deny-execute?
> AFAIK it will be "6" or "2" in the permission bits, right?

From your previous email, it sounds like what you want is ==>

create mode = 660
directory mode = 770

For other control parameters, see the "force" parameters regarding
create/directory/security.

For Ubuntu:
Having the swat and samba-doc packages installed provides an excellent
way to see all the available parameters with a corresponding link to an
explanation of what each does, and what its default value is.

Dale

>
>
> Sincerely
> -bino-
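
Added example (not part of any poster's message): a simplified Python model of the UNIX owner/group/other check, applied to the four mode combinations tried or suggested in this thread. The uid/gid numbers and function names are constructed for illustration; ACLs and root's override are ignored.

```python
# Added illustration: simplified model of the classic UNIX permission check
# (owner first, then group, then other). Ignores ACLs and root's override.
R, W, X = 4, 2, 1

def class_bits(mode, uid, gids, owner_uid, owner_gid):
    """Pick the single rwx triple that applies to this caller."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def share_access(dir_mode, file_mode, uid, gids, owner_uid, owner_gid):
    """What a user may do in a directory and with a file stored in it."""
    d = class_bits(dir_mode, uid, gids, owner_uid, owner_gid)
    f = class_bits(file_mode, uid, gids, owner_uid, owner_gid)
    enter = bool(d & X)  # x on a directory means "may traverse into it"
    return {
        "enter_dir": enter,
        "list_names": bool(d & R),
        "create_or_delete": enter and bool(d & W),
        "read_file": enter and bool(f & R),
        "write_file": enter and bool(f & W),
        "execute_file": enter and bool(f & X),  # x on a file means "may run it"
    }

# Constructed IDs (assumptions): the directory and the sample file belong to
# root:warehouse, group "warehouse" has gid 1001, and wh01 is uid 2001 and a
# member of that group, so the group bits are the ones that apply to wh01.
ROOT_UID, WAREHOUSE_GID = 0, 1001
WH01_UID, WH01_GIDS = 2001, {1001}

def check(dir_mode, file_mode):
    """Evaluate wh01's access for one directory-mode / file-mode pair."""
    return share_access(dir_mode, file_mode, WH01_UID, WH01_GIDS,
                        ROOT_UID, WAREHOUSE_GID)

if __name__ == "__main__":
    # The three attempts from the thread, then the 770 / 660 split.
    for d, f in [(0o660, 0o660), (0o760, 0o760), (0o770, 0o770), (0o770, 0o660)]:
        print(f"dir {d:o} file {f:o}:", check(d, f))
```

With directory mode 660 or 760 the group has no x bit on the directory, so wh01 cannot enter it at all; with directory 770 and file 660 wh01 can enter, create, read and write, while the files themselves carry no execute bit.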