Samba Secondary Groups
in [Samba]
|
From: grant little on 19 Apr 2010 14:20 I had that problem with samba 3.4.X on ubuntu 9.10, the only way I could get it to work was to use 777 folder permissions as you describe. The fix for me was to go to samba 3.5.X which fixed that and several other problems like not being able to login to samba from OS X. Tried the same on a CENTOS 5.4 install as well and it works for SAMBA 3.0.33 with 770 folder permissions. Maybe a samba upgrade might fix what ails you but be careful what you upgrade to... On Sun, Apr 18, 2010 at 10:19 PM, David van Laatum <david(a)vanlaatum.id.au>wrote: > This has been bugging me for years but never got around to spending a lot > of time on it until I now want/need to use it for work stuff. > > Problem is simple I get access denied when trying to create a file in a > directory that is not owned by me or my primary group that doesn't have > world writable permissions. Ive also had similar issues with NFS mounts > where I can't move/create/delete files via > nfs but works fine if I do it on the local machine even though I am the > same user in the same groups. All relevant info I can think of follows let > me know if anything else is needed. Spent all morning looking for an answer > but only found hints of similar but not > applicable problems. > > [14:14:36 root(a)adl-nas-01 filestore]# smbd -V > Version 3.2.5 > [14:28:42 root(a)adl-nas-01 filestore]# uname -a > Linux adl-nas-01 2.6.26-2-amd64 #1 SMP Tue Mar 9 22:29:32 UTC 2010 x86_64 > GNU/Linux > [14:28:42 root(a)adl-nas-01 filestore]# cat /etc/debian_version > 5.0.4 > > [global] > security = ads > workgroup = VALEX > server string = File Store > realm = VALEX.LOCAL > password server = ldap.valex.local > wins server = 172.16.0.150 > dns proxy = no > log file = /var/log/samba/log.%m > max log size = 100 > log level = 3 > syslog = 1 > panic action = /usr/share/samba/panic-action %d > encrypt passwords = yes > printing = bsd > printcap name = /etc/printcap > idmap backend = ad > passdb backend = tdbsam > idmap uid = 100-90000 > idmap gid = 100-900000 > winbind cache time = 300 > winbind nss info = rfc2307 > winbind enum groups = yes > winbind enum users = yes > winbind use default domain = yes > winbind separator = / > winbind nested groups = yes > template homedir = /home/%U/homedir > template shell = /bin/bash > debug uid = yes > > [Accounts] > comment = Accounts Stuff > path = /filestore/accounts > guest ok = no > browseable = yes > ; valid users = @VALEX/vxAccounts @VALEX/vxSystems > create mask = 0660 > directory mask = 0770 > fstype = EXT3 > ; force group = +@VALEX/vxAccounts > > [14:32:58 root(a)adl-nas-01 filestore]# id dvanlaatum > uid=10440(dvanlaatum) gid=20000(vxsystems) > groups=20000(vxsystems),20002(domain admins),20003(domain > users),20001(vxallusers),5006(BUILTIN/administrators),5007(BUILTIN/users) > > [14:35:02 root(a)adl-nas-01 filestore]# ls -ald /filestore/accounts/ > drwxrwxr-x 3 root vxallusers 4096 2010-04-19 11:32 /filestore/accounts/ > > [14:37:54 david(a)L00018 ~]# smbclient -U dvanlaatum //adl-nas-01/Accounts > Password: > Domain=[VALEX] OS=[Unix] Server=[Samba 3.2.5] > smb: \> mkdir test > NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \test > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: David van Laatum on 23 Apr 2010 04:20 Thanks for the reply. After spending 2 days trying to get 3.5.2 compiled and working right I went back to the old version for a bit and discovered that writable = yes on the share fixed it..... little confused why I could write to some shares even though I didn't have it but all seems to work properly now. Only thing Ive noticed is that I can't seem to change permissions from windows on a file/directory unless I personally own the file but not sure if that's a samba problem or a file system thing? On Tuesday 20 April 2010 03:41:57 grant little wrote: > I had that problem with samba 3.4.X on ubuntu 9.10, the only way I could > get it to work was to use 777 folder permissions as you describe. The fix > for me was to go to samba 3.5.X which fixed that and several other problems > like not being able to login to samba from OS X. > Tried the same on a CENTOS 5.4 install as well and it works for SAMBA > 3.0.33 with 770 folder permissions. Maybe a samba upgrade might fix what > ails you but be careful what you upgrade to... > > On Sun, Apr 18, 2010 at 10:19 PM, David van Laatum <david(a)vanlaatum.id.au>wrote: > > This has been bugging me for years but never got around to spending a lot > > of time on it until I now want/need to use it for work stuff. > > > > Problem is simple I get access denied when trying to create a file in a > > directory that is not owned by me or my primary group that doesn't have > > world writable permissions. Ive also had similar issues with NFS mounts > > where I can't move/create/delete files via > > nfs but works fine if I do it on the local machine even though I am the > > same user in the same groups. All relevant info I can think of follows > > let me know if anything else is needed. Spent all morning looking for an > > answer but only found hints of similar but not > > applicable problems. > > > > [14:14:36 root(a)adl-nas-01 filestore]# smbd -V > > Version 3.2.5 > > [14:28:42 root(a)adl-nas-01 filestore]# uname -a > > Linux adl-nas-01 2.6.26-2-amd64 #1 SMP Tue Mar 9 22:29:32 UTC 2010 x86_64 > > GNU/Linux > > [14:28:42 root(a)adl-nas-01 filestore]# cat /etc/debian_version > > 5.0.4 > > > > [global] > > security = ads > > workgroup = VALEX > > server string = File Store > > realm = VALEX.LOCAL > > password server = ldap.valex.local > > wins server = 172.16.0.150 > > dns proxy = no > > log file = /var/log/samba/log.%m > > max log size = 100 > > log level = 3 > > syslog = 1 > > panic action = /usr/share/samba/panic-action %d > > encrypt passwords = yes > > printing = bsd > > printcap name = /etc/printcap > > idmap backend = ad > > passdb backend = tdbsam > > idmap uid = 100-90000 > > idmap gid = 100-900000 > > winbind cache time = 300 > > winbind nss info = rfc2307 > > winbind enum groups = yes > > winbind enum users = yes > > winbind use default domain = yes > > winbind separator = / > > winbind nested groups = yes > > template homedir = /home/%U/homedir > > template shell = /bin/bash > > debug uid = yes > > > > [Accounts] > > comment = Accounts Stuff > > path = /filestore/accounts > > guest ok = no > > browseable = yes > > ; valid users = @VALEX/vxAccounts @VALEX/vxSystems > > create mask = 0660 > > directory mask = 0770 > > fstype = EXT3 > > ; force group = +@VALEX/vxAccounts > > > > [14:32:58 root(a)adl-nas-01 filestore]# id dvanlaatum > > uid=10440(dvanlaatum) gid=20000(vxsystems) > > groups=20000(vxsystems),20002(domain admins),20003(domain > > users),20001(vxallusers),5006(BUILTIN/administrators),5007(BUILTIN/users) > > > > [14:35:02 root(a)adl-nas-01 filestore]# ls -ald /filestore/accounts/ > > drwxrwxr-x 3 root vxallusers 4096 2010-04-19 11:32 /filestore/accounts/ > > > > [14:37:54 david(a)L00018 ~]# smbclient -U dvanlaatum //adl-nas-01/Accounts > > Password: > > Domain=[VALEX] OS=[Unix] Server=[Samba 3.2.5] > > smb: \> mkdir test > > NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \test > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: grant little on 23 Apr 2010 17:30 On Fri, Apr 23, 2010 at 1:11 AM, David van Laatum <david(a)vanlaatum.id.au>wrote: > <snip/> > Only thing Ive noticed is that I can't seem to change permissions from > windows > on a file/directory unless I personally own the file but not sure if that's > a > samba problem or a file system thing? > <snip/> > I'm no windows expert, far from it, but I think you need to be granted specific security permissions for that file to be able to change permissions on that file. Even in a windows server share if you right-click on a file and choose properties/security then there is a group of folks who can do various things as denoted by the checked items in the dialog that comes up. Access Control Lists can get quite complicated and I do know that later version of Samba have improved ACLs over earlier so it may be a combination of windows and Samba that you are dealing with. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: [Samba] Registry Settings for Windows 7 Next: Registry Settings for Windows 7 |