LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-05-2003, 09:21 AM   #1
littlegreenman
LQ Newbie
 
Registered: Sep 2003
Posts: 9

Rep: Reputation: 0
Question Samba configuration




Hello all.
I've set up a samba server on linux redhat 9.0. It serves 2 Windows 2000 machines, 2 windows xp professional and an xp home user machine.

Everything is working fine except for writting permissions. I can create a file/directory on the server without any problems. My co-worker can open the document, amend it and when she tries to save the file, she doesn't have permissions. The thrust of the problem is that I need samba to allow everybody on the network to overwrite other peoples files/directories.

I have tried mapping the samba shares using the same username and password on each of the machines, but I get the following problem.

Quote:
multiple connections to a shared resource by the same user, using more than one username are not allowed.
I really need to find some nifty solution to this problem. Everytime somebody cannot save a file, I have to telnet in and give full permissions.

My thinking is the solution lies in Group Accounts, but I am not up to speed on that. Any help would be appreciated.
 
Old 09-05-2003, 09:54 AM   #2
tangle
Senior Member
 
Registered: Apr 2002
Location: Arbovale, WV
Distribution: Slackware
Posts: 1,761

Rep: Reputation: 78
Can you post your smb.conf file. Since I do not know what your share name, lets say it is /home/shares/sales. Do an ls -l /home/shares and post the out put fo your shares.

It really sound to me like either no one has write permission though samba or that no one has write permission locually.
 
Old 09-05-2003, 09:58 AM   #3
littlegreenman
LQ Newbie
 
Registered: Sep 2003
Posts: 9

Original Poster
Rep: Reputation: 0
# Samba config file created using SWAT
# from localhost.localdomain (127.0.0.1)
# Date: 2003/07/04 11:53:26

# Global parameters
[global]

workgroup = Redsky
netbios name = redsky0
server string = Redsky Linux Server
passwd program = /usr/bin/passwd
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
max log size = 50
time server = yes
os level = 65
preferred master = yes
domain master = yes
local master = yes
security = yes
encrypt passwords = yes
domain logons = yes
log file = /var/log/log.%m
log level = 1
logon path = \\%N\profiles\%u
logon drive = R:
logon home = \\homeserver\%u
logon script = logon.bat.bat
SOCKET OPTIONS = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
hide dot files = yes
guest ok = no
invalid users = bin daemon sys man postfix mail ftp
admin users = @smbclient
hosts allow = 127. 192.168.1.189 192.168.1.184 192.168.1.183 192.168.1.182 192.168.1.181
hosts deny = *
domain admin group = @redsky
domain admin users = root

[netlogon]
path = /mnt/storage/samba
public = no
writeable = no
browsable = no
valid users = root cormac colette administrator declan lisa

[profiles]
path = /mnt/storage/samba
writeable = yes
create mask = 0700
directory mask = 0700
browsable = no
valid users = root cormac colette administrator declan lisa

[web]
Comment = "Web Directory"
path = /mnt/storage/www/html
read only = no
create mask = 0777
volume = "www_system"
valid users = cormac declan administrator lisa

[software]
Comment = "Software Directory"
path = /mnt/storage/software
read only = no
create mask = 0777
volume = "software_directory"
valid users = cormac declan administrator lisa colette
browsable = yes

[office]
Comment = "Office directory"
path = /mnt/storage/office
read only = no
create mask = 0777
volume = "office_directory"
valid users = cormac, colette, administrator, declan, lisa
[mp3]
Comment = "MP3 Directory"
path = /mnt/storage/mp3
read only = no
create mask = 0777
volume = "MP3 Directory"
valid users = cormac, colette, administrator, declan, lisa

[sales]
Comment = "Sales directory"
path = /mnt/storage/sales
read only = no
create mask = 0777
volume = "office_directory"
valid users = colette administrator

[online_marketing]
Comment = "Online Marketing"
path = /mnt/storage/online_marketing
read only = no
create mask = 0777
volume = "online_marketing"
valid users = administrator, cormac, declan, lisa colette


[act]
Comment = "Act Storage Directory"
path = /mnt/storage/act
read only = no
create mask = 0777
volume = "act_directory"
valid user = @smbclient
browsable = yes
[home]
Comment = "Home directory for : %u"
path = /home/%u
read only = no
public = no
browsable = yes
create mask = 0644
 
Old 09-05-2003, 11:30 AM   #4
tangle
Senior Member
 
Registered: Apr 2002
Location: Arbovale, WV
Distribution: Slackware
Posts: 1,761

Rep: Reputation: 78
Do an ls -l /mnt/storage and post it.
 
Old 09-05-2003, 11:39 AM   #5
littlegreenman
LQ Newbie
 
Registered: Sep 2003
Posts: 9

Original Poster
Rep: Reputation: 0
drwxrwxrwx 2 root root 4096 Jul 1 18:21 account
drwxrwxrwx 5 root root 4096 Jul 18 10:31 act
drwxr-xr-x 17 root root 4096 Aug 22 16:35 home
drwxr-xr-x 4 root root 4096 Aug 22 11:22 httpd
drwxr-xr-x 17 root root 4096 Sep 5 14:58 log
drwx------ 2 root root 16384 Aug 19 16:29 lost+found
drwxrwxrwx 3 root root 4096 Aug 20 14:44 mp3
drwxrwxrwx 2 root root 4096 Aug 25 15:51 office
drwxrwxrwx 5 root root 4096 Sep 1 11:42 online_marketing
drwxrwxrwx 3 root root 4096 Sep 5 14:21 sales
drwxrwxrwx 5 root root 4096 Sep 5 09:04 software
drwxr-xr-x 25 root root 4096 Jul 1 19:50 spool
drwxr-xr-x 9 root root 4096 May 20 15:22 www
 
Old 09-05-2003, 11:45 AM   #6
tangle
Senior Member
 
Registered: Apr 2002
Location: Arbovale, WV
Distribution: Slackware
Posts: 1,761

Rep: Reputation: 78
Are you creating the document that the lady can't write too from a Windows PC or are you creating it locually?
 
Old 09-05-2003, 11:49 AM   #7
littlegreenman
LQ Newbie
 
Registered: Sep 2003
Posts: 9

Original Poster
Rep: Reputation: 0
From a windows machine.
 
Old 09-05-2003, 11:51 AM   #8
littlegreenman
LQ Newbie
 
Registered: Sep 2003
Posts: 9

Original Poster
Rep: Reputation: 0
I've got to dash.... Its Friday, I'm finished work and there is a pint on the bar for me. Do you mind if we continue this on Monday, Tangle?
 
Old 09-05-2003, 12:27 PM   #9
Mathieu
Senior Member
 
Registered: Feb 2001
Location: Montreal, Quebec, Canada
Distribution: RedHat, Fedora, CentOS, SUSE
Posts: 1,403

Rep: Reputation: 46
Quote:
path = /mnt/storage/sales
What is /mnt/storage ?
Is it a Linux directory (local) or a mounted partition.
If it is a non-Linux partition, you may need to edit /etc/fstab
 
Old 09-08-2003, 03:16 AM   #10
littlegreenman
LQ Newbie
 
Registered: Sep 2003
Posts: 9

Original Poster
Rep: Reputation: 0
Good call. I pico the /etc/fstab and got the following;
none /proc proc defaults 0 0

There was stacks more lines in that file, dealing with all the drives, its all gone. Can the fstab file be overwritten?
 
Old 09-08-2003, 03:18 AM   #11
littlegreenman
LQ Newbie
 
Registered: Sep 2003
Posts: 9

Original Poster
Rep: Reputation: 0
Ooops, I was working of the wrong telnet session.
I got the following from the /etc/fstab file

LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda3 swap swap defaults 0 0
/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
/dev/hdd /mnt/storage ext3 defaults 0 0

The second harddrive is in /dev/hdd. Any other ideas?
 
Old 09-08-2003, 01:20 PM   #12
sidmark-2850
Member
 
Registered: Aug 2003
Posts: 133

Rep: Reputation: 15
Use a directory mask

You should specify a directory mask as well.

directry mask = 0777

The default directory mask is 0755 so the user is the only one who is able to write to files within directories that are created on the share.

It looks like you are doing something like a departmental file server. Your best option is to create and make use of groups. Groups will definitely clean up things a bit and you can increase security by not having things world readable and writable.

Groups work just like they do on windows machines. A user can be a member of many groups. Linux may have a limit, but I am not really sure. Someone may know the specifics. The only exceptions are groups on samba are local and cannot be nested. The local groups issue is resolved with samba 3. (You should not use it on a production box.)

Looking at your config file and your directories, I see a possibility of a bunch of groups. First, you can put all of your users in a users group.

First create the group
groupadd users

Then you can add the members 2 ways
usermod -G users cormac
usermod -G users declan

usermod -G users <User # 3>
...

or

edit the /etc/group entry manually.
users:x:500:root,cormac,colette,administrator,declan,lisa

Your valid users statement can be cleaned up

valid users = @users

You won't have to worry about modifying the smb.conf file and restarting samba during working hours. You can just add users to groups and they should have access to the respective shares.

Now, file permissions are a bit different. You must first create the directory, or modify the existing ones so that the setgid bit is set. You should also set the group as required.

For example, you have the Online Marketing folder and it looks like you only want the users: cormac, declan, lisa colette to access it. First chmod the directory to 2770, create the o_market (for simplicity) group and chgrp it to o_market group. You can call the group whatever you want. You may want to look at the groupadd command to see if there are any naming restrictions.

A ls-l on your directory should look like

drwxrwS--- 5 root o_market 4096 Sep 1 11:42 online_marketing

and your samba share should look like

[online_marketing]
Comment = "Online Marketing"
path = /mnt/storage/online_marketing
read only = no
create mask = 0770
directory mask = 2770
volume = "online_marketing"
valid users = @o_market


Note how the directory mask comes into play. It allows new directories to be group writable.

Well, you can probably find some better documentation on the net about groups but here's my 2 cents.

Quote:
Its Friday, I'm finished work and there is a pint on the bar for me.
A pint sounds really good right now.
 
Old 09-10-2003, 04:38 AM   #13
littlegreenman
LQ Newbie
 
Registered: Sep 2003
Posts: 9

Original Poster
Rep: Reputation: 0
Hi Sidemark.

That worked a treat. Thanks very much. If you are ever in Dublin I'll buy you that pint.

Just a note for anybody using this thread for reference.
I created the users and groups from the KDE as opposed from command line. I had a few small problems on my system when using the commands.
cd /usr/sbin
./groupadd or ./usermod

After going into each directory I "as suggested for the directory" chgrp -Rf * <groupname>.

The finished article for anybody who is interested.

# Global parameters
[global]

workgroup = Redsky
netbios name = redsky0
server string = Redsky Linux Server
passwd program = /usr/bin/passwd
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
max log size = 50
time server = yes
os level = 65
preferred master = yes
domain master = yes
local master = yes
security = yes
encrypt passwords = yes
domain logons = yes
log file = /var/log/log.%m
log level = 1
logon path = \\%N\profiles\%u
logon drive = R:
logon home = \\homeserver\%u
logon script = logon.bat.bat
SOCKET OPTIONS = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
hide dot files = yes
guest ok = no
invalid users = bin daemon sys man postfix mail ftp
admin users = @redusers
hosts allow = 127. 192.168.1.189 192.168.1.184 192.168.1.183 192.168.1.182 192.168.1.181
hosts deny = *

[netlogon]
path = /mnt/storage/samba
public = no
writeable = no
browsable = no
valid user = @redusers

[profiles]
path = /mnt/storage/samba
writeable = yes
create mask = 770
directory mask = 0777
browsable = no
valid user = @redusers

[web]
Comment = "Web Directory"
path = /mnt/storage/www/html
read only = no
create mask = 775
directory mask = 0777
volume = "www_system"
valid user = @redusers

[software]
Comment = "Software Directory"
path = /mnt/storage/software
read only = no
create mask = 770
directory mask = 0777
volume = "software_directory"
valid user = @redusers
browsable = yes

[office]
Comment = "Office directory"
path = /mnt/storage/office
read only = no
create mask = 770
directory mask = 0777
volume = "office_directory"
valid user = @office
[mp3]
Comment = "MP3 Directory"
path = /mnt/storage/mp3
read only = no
create mask = 770
directory mask = 0777
volume = "MP3 Directory"
valid user = @redusers

[sales]
Comment = "Sales directory"
path = /mnt/storage/sales
read only = no
create mask = 770
directory mask = 0777
volume = "office_directory"
valid user = @office

[online_marketing]
Comment = "Online Marketing"
path = /mnt/storage/online_marketing
read only = no
create mask = 770
directory mask = 0777
volume = "online_marketing"
valid user = @marketing


[act]
Comment = "Act Storage Directory"
path = /mnt/storage/act
read only = no
create mask = 770
directory mask = 0777
volume = "act_directory"
valid user = @redusers
browsable = yes
[home]
Comment = "Home directory for : %u"
path = /home/%u
read only = no
public = no
browsable = yes
create mask = 0644



Please find the finished smb.conf file.
 
Old 09-10-2003, 11:30 AM   #14
sidmark-2850
Member
 
Registered: Aug 2003
Posts: 133

Rep: Reputation: 15
You should really do some reading on unix file permisions. Having directories or files created with the world readable bit is not a good idea. This means that anyone can write or delete file in directories. This is especially bad if your users have shell access to the samba server.
 
Old 09-10-2003, 11:55 AM   #15
littlegreenman
LQ Newbie
 
Registered: Sep 2003
Posts: 9

Original Poster
Rep: Reputation: 0
Thanks for the nod. I've still a lot to learn about that end.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba Configuration BlandoCal Linux - Networking 10 10-29-2008 03:31 PM
SAMBA configuration nawin_g Linux - Networking 9 11-08-2005 03:23 PM
Samba Configuration randy1970 Linux - Newbie 5 07-24-2005 09:22 AM
Samba configuration Mingthefirst Linux - Software 1 09-05-2004 11:04 PM
Need your help on SAMBA configuration vwhk Linux - Software 4 01-14-2002 06:12 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration