LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 04-12-2005, 11:08 AM   #1
zupidupi
Member
 
Registered: Aug 2003
Posts: 32

Rep: Reputation: 15
Reading other user's home directory with Samba


Hi folks,

I'm trying to set up my Linux server to allow a particular user (say, user1) to have access to another user's (say, user2) home directory (/home/user2).

My samba-server is up and running rather nicely, thank you, user1 manages just fine to access directories simply defined as follows:

[data]
path = /usr/share/public/
browseable = yes
write list = user1

I've added the following lines to the smb.conf-file:

[user2]
path = /home/user2/
browseable = yes
write list = user1, user2

When I'm logged in as user1 in my Windows-box I reach [data], but get prompted for a password when trying to browse [user2]. When I enter the name and password of user1 I'm refused connection.

I've fiddled around with various user- and group-permissions but haven't stumbled upon the right combination yet... I don't want all the users to have access to home directory of user2, only those given permission. Preferably the access should be only through samba (not while logged in to a shell, or something similar), but if that's not possible I'm not too worried about it, either.

So, could some kind soul tell me which permissions I should fiddle with, what the info in smb.conf should look like and other possibly necessary adjustments.

Thank you very much in advance,

Zup
 
Old 04-12-2005, 08:52 PM   #2
DaveG
Member
 
Registered: Nov 2001
Location: London, UK
Distribution: Fedora 16
Posts: 160

Rep: Reputation: 43
Does your Samba server use user- or share-based security?

Do you log in successfully on the Windows box (authenticated by Samba)?

Sounds very similar to what happens when trying to connect to an old Windows box running "stand-alone" workgroups from a fully logged-in box. In that case you enter an empty user name and the share password to get access.

One thing that keeps tripping me up is the permissions on home directories. Most "old" distributions set home directories to 0775 but FC3 now sets them to 0700. The result is that Apache can't do per-user home directories (/home/user/public_html) even when the public directory is accessable. The appllication needs read or execute (can't remember which) permission on every directory in the path.

Hope this is of some help.
 
Old 04-12-2005, 09:20 PM   #3
Gibsonist
Member
 
Registered: Mar 2004
Location: Meersburg (GER)
Distribution: Cygwin,RH 7.2 7.3, SuSe 6.4 8.2 9.1,TinyLinux, Debian Sarge, Knoppix 3.*, Knoppicilin, Knoppix STD
Posts: 191

Rep: Reputation: 30
Dave that should be 755

(at the side)
try setting your public_html at 755 and then change your home dir to 711 should work
 
Old 04-13-2005, 03:25 AM   #4
zupidupi
Member
 
Registered: Aug 2003
Posts: 32

Original Poster
Rep: Reputation: 15
Hi Dave,

Thx for your reply.

> Does your Samba server use user- or share-based security?

Hmm...not sure about that, how do I check it?

> Do you log in successfully on the Windows box (authenticated by Samba)?

Logging in to the XP-box is no problem, neither is mapping/browsing Samba-directories on the Linux-box to the Windows-box. The problem arises when trying to connect to another user's home directory...I guess I have to fiddle around with the permissions some more.

Cheerio,

Zup
 
Old 04-13-2005, 06:53 AM   #5
DaveG
Member
 
Registered: Nov 2001
Location: London, UK
Distribution: Fedora 16
Posts: 160

Rep: Reputation: 43
Check your smb.conf file for the line "security = ...".

If it's "security = share" then Samba is running like a Windows workstation without an NT domain - no user/password checking - and each share needs a separate password.

If it's "security = user" (most common) then Samba should handle the user/password authentication when you log in to a Windows client and check the credentials when you access a Samba share. You'll need to set up smb users and passwords with smbpasswd.

There are other possibilities but they more complicated.

I have my FC3 Linux box working like a Windows NT4 server and it runs fine with Windos 98 clients. The relevant entries from my smb.conf:
-----
[global]
# SMB Operation
netbios name = your machine name
workgroup = your NT domain name or workgroup
server string = Samba Server
os level = 64
wins support = Yes
time server = Yes
preferred master = Yes
domain master = Yes
local master = yes
dns proxy = No
# Unix Interface
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# To avoid running Samba on a WAN interface like ppp0
; bind interfaces only = yes
; interfaces = eth0
hosts allow = your local network/netmask
log file = /var/log/samba/%m.log
max log size = 0
strict locking = No
preserve case = yes
short preserve case = yes
case sensitive = no
# Security/User Management
security = user
encrypt passwords = yes
domain logons = Yes
admin users = root
username map = /etc/samba/smbusers
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u'
ldap ssl = no
# Client Boot
logon path = \\%L\%U\profile
logon drive = X:
logon home = \\%L\%U\.profile
# Printing
cups options = raw

[IPC$]
path = /tmp
hosts allow = your local network/netmask, 127.0.0.1
hosts deny = 0.0.0.0/0

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[netlogon]
comment = Network Logon Scripts
path = /usr/share/netlogon
write list = list of admins

[tmp]
comment = Temporary file space
path = /tmp
read only = No
guest ok = Yes
-----

The Troubleshooting section of the Samba HowTo has a useful checklist for tracking down problems.
 
Old 04-13-2005, 03:40 PM   #6
zupidupi
Member
 
Registered: Aug 2003
Posts: 32

Original Poster
Rep: Reputation: 15
Hiya,

OK, I see. Well, no line security = ... in my smb.conf-file, but it's clearly user (I suppose that's the default value?).

And yes, I have set up samba-users (user1) with passwords identical to corresponding Windows-passwords. The browsing of shared samba-directories outside the home directories of other users work just fine - but I can't reach the directory of user2

Still trying,

Zup
 
Old 04-13-2005, 09:13 PM   #7
broch
Member
 
Registered: Feb 2005
Distribution: Arch current, SuSe 10.1 32-bit, FreeBSD current, OpenBSD 4.0
Posts: 453

Rep: Reputation: 30
simply run
#testparm -v | grep security

the above command will tell what you have

all parameters:
#testparm -v
 
Old 04-14-2005, 02:53 AM   #8
zupidupi
Member
 
Registered: Aug 2003
Posts: 32

Original Poster
Rep: Reputation: 15
Hiya,

Yep, USER is the security level. But I can still not see the other user's directory...

Zup
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Permission problems when removing user's home directory. davethegenius Linux - Software 3 08-11-2005 05:01 PM
Not able to go to other user's home directory biswajit_dey Linux - Software 6 07-21-2005 09:14 AM
Changing user's home directory? HOW barton Debian 10 04-04-2005 03:27 AM
finding user's home directory within a daemon kurienmathew Programming 1 12-19-2003 04:22 AM
how to change a user's Home directory n1wil Linux - General 8 08-24-2002 04:22 PM


All times are GMT -5. The time now is 02:07 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration