Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello all.
I've set up a samba server on linux redhat 9.0. It serves 2 Windows 2000 machines, 2 windows xp professional and an xp home user machine.
Everything is working fine except for writting permissions. I can create a file/directory on the server without any problems. My co-worker can open the document, amend it and when she tries to save the file, she doesn't have permissions. The thrust of the problem is that I need samba to allow everybody on the network to overwrite other peoples files/directories.
I have tried mapping the samba shares using the same username and password on each of the machines, but I get the following problem.
Quote:
multiple connections to a shared resource by the same user, using more than one username are not allowed.
I really need to find some nifty solution to this problem. Everytime somebody cannot save a file, I have to telnet in and give full permissions.
My thinking is the solution lies in Group Accounts, but I am not up to speed on that. Any help would be appreciated.
Can you post your smb.conf file. Since I do not know what your share name, lets say it is /home/shares/sales. Do an ls -l /home/shares and post the out put fo your shares.
It really sound to me like either no one has write permission though samba or that no one has write permission locually.
The default directory mask is 0755 so the user is the only one who is able to write to files within directories that are created on the share.
It looks like you are doing something like a departmental file server. Your best option is to create and make use of groups. Groups will definitely clean up things a bit and you can increase security by not having things world readable and writable.
Groups work just like they do on windows machines. A user can be a member of many groups. Linux may have a limit, but I am not really sure. Someone may know the specifics. The only exceptions are groups on samba are local and cannot be nested. The local groups issue is resolved with samba 3. (You should not use it on a production box.)
Looking at your config file and your directories, I see a possibility of a bunch of groups. First, you can put all of your users in a users group.
First create the group groupadd users
Then you can add the members 2 ways usermod -G users cormac
usermod -G users declan
usermod -G users <User # 3>
...
or
edit the /etc/group entry manually. users:x:500:root,cormac,colette,administrator,declan,lisa
Your valid users statement can be cleaned up
valid users = @users
You won't have to worry about modifying the smb.conf file and restarting samba during working hours. You can just add users to groups and they should have access to the respective shares.
Now, file permissions are a bit different. You must first create the directory, or modify the existing ones so that the setgid bit is set. You should also set the group as required.
For example, you have the Online Marketing folder and it looks like you only want the users: cormac, declan, lisa colette to access it. First chmod the directory to 2770, create the o_market (for simplicity) group and chgrp it to o_market group. You can call the group whatever you want. You may want to look at the groupadd command to see if there are any naming restrictions.
That worked a treat. Thanks very much. If you are ever in Dublin I'll buy you that pint.
Just a note for anybody using this thread for reference.
I created the users and groups from the KDE as opposed from command line. I had a few small problems on my system when using the commands.
cd /usr/sbin
./groupadd or ./usermod
After going into each directory I "as suggested for the directory" chgrp -Rf * <groupname>.
The finished article for anybody who is interested.
# Global parameters
[global]
workgroup = Redsky
netbios name = redsky0
server string = Redsky Linux Server
passwd program = /usr/bin/passwd
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
max log size = 50
time server = yes
os level = 65
preferred master = yes
domain master = yes
local master = yes
security = yes
encrypt passwords = yes
domain logons = yes
log file = /var/log/log.%m
log level = 1
logon path = \\%N\profiles\%u
logon drive = R:
logon home = \\homeserver\%u
logon script = logon.bat.bat
SOCKET OPTIONS = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
hide dot files = yes
guest ok = no
invalid users = bin daemon sys man postfix mail ftp
admin users = @redusers
hosts allow = 127. 192.168.1.189 192.168.1.184 192.168.1.183 192.168.1.182 192.168.1.181
hosts deny = *
[netlogon]
path = /mnt/storage/samba
public = no
writeable = no
browsable = no
valid user = @redusers
You should really do some reading on unix file permisions. Having directories or files created with the world readable bit is not a good idea. This means that anyone can write or delete file in directories. This is especially bad if your users have shell access to the samba server.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.