Reading other user's home directory with Samba
Hi folks,
I'm trying to set up my Linux server to allow a particular user (say, user1) to have access to another user's (say, user2) home directory (/home/user2). My samba-server is up and running rather nicely, thank you, user1 manages just fine to access directories simply defined as follows: [data] path = /usr/share/public/ browseable = yes write list = user1 I've added the following lines to the smb.conf-file: [user2] path = /home/user2/ browseable = yes write list = user1, user2 When I'm logged in as user1 in my Windows-box I reach [data], but get prompted for a password when trying to browse [user2]. When I enter the name and password of user1 I'm refused connection. I've fiddled around with various user- and group-permissions but haven't stumbled upon the right combination yet... I don't want all the users to have access to home directory of user2, only those given permission. Preferably the access should be only through samba (not while logged in to a shell, or something similar), but if that's not possible I'm not too worried about it, either. So, could some kind soul tell me which permissions I should fiddle with, what the info in smb.conf should look like and other possibly necessary adjustments. Thank you very much in advance, Zup |
Does your Samba server use user- or share-based security?
Do you log in successfully on the Windows box (authenticated by Samba)? Sounds very similar to what happens when trying to connect to an old Windows box running "stand-alone" workgroups from a fully logged-in box. In that case you enter an empty user name and the share password to get access. One thing that keeps tripping me up is the permissions on home directories. Most "old" distributions set home directories to 0775 but FC3 now sets them to 0700. The result is that Apache can't do per-user home directories (/home/user/public_html) even when the public directory is accessable. The appllication needs read or execute (can't remember which) permission on every directory in the path. Hope this is of some help. |
Dave that should be 755
(at the side) try setting your public_html at 755 and then change your home dir to 711 should work |
Hi Dave,
Thx for your reply. > Does your Samba server use user- or share-based security? Hmm...not sure about that, how do I check it? > Do you log in successfully on the Windows box (authenticated by Samba)? Logging in to the XP-box is no problem, neither is mapping/browsing Samba-directories on the Linux-box to the Windows-box. The problem arises when trying to connect to another user's home directory...I guess I have to fiddle around with the permissions some more. Cheerio, Zup |
Check your smb.conf file for the line "security = ...".
If it's "security = share" then Samba is running like a Windows workstation without an NT domain - no user/password checking - and each share needs a separate password. If it's "security = user" (most common) then Samba should handle the user/password authentication when you log in to a Windows client and check the credentials when you access a Samba share. You'll need to set up smb users and passwords with smbpasswd. There are other possibilities but they more complicated. I have my FC3 Linux box working like a Windows NT4 server and it runs fine with Windos 98 clients. The relevant entries from my smb.conf: ----- [global] # SMB Operation netbios name = your machine name workgroup = your NT domain name or workgroup server string = Samba Server os level = 64 wins support = Yes time server = Yes preferred master = Yes domain master = Yes local master = yes dns proxy = No # Unix Interface socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # To avoid running Samba on a WAN interface like ppp0 ; bind interfaces only = yes ; interfaces = eth0 hosts allow = your local network/netmask log file = /var/log/samba/%m.log max log size = 0 strict locking = No preserve case = yes short preserve case = yes case sensitive = no # Security/User Management security = user encrypt passwords = yes domain logons = Yes admin users = root username map = /etc/samba/smbusers add user script = /usr/sbin/useradd -m '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u' ldap ssl = no # Client Boot logon path = \\%L\%U\profile logon drive = X: logon home = \\%L\%U\.profile # Printing cups options = raw [IPC$] path = /tmp hosts allow = your local network/netmask, 127.0.0.1 hosts deny = 0.0.0.0/0 [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Scripts path = /usr/share/netlogon write list = list of admins [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes ----- The Troubleshooting section of the Samba HowTo has a useful checklist for tracking down problems. |
Hiya,
OK, I see. Well, no line security = ... in my smb.conf-file, but it's clearly user (I suppose that's the default value?). And yes, I have set up samba-users (user1) with passwords identical to corresponding Windows-passwords. The browsing of shared samba-directories outside the home directories of other users work just fine - but I can't reach the directory of user2 :( Still trying, Zup |
simply run
#testparm -v | grep security the above command will tell what you have all parameters: #testparm -v |
Hiya,
Yep, USER is the security level. But I can still not see the other user's directory... :( Zup |
All times are GMT -5. The time now is 10:58 AM. |