LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-10-2008, 12:32 PM   #1
djsting
LQ Newbie
 
Registered: Jun 2008
Posts: 16

Rep: Reputation: 0
Samba Config Help - Permissions?


I am replacing an old system running RH9 with a new one running CentOS5, this system is a fileserver only.

On the old RH9 system I had it configured so that one Samba user had no password, this user has read only access to the server and is the Windows user on my Mame arcade system (no keyboard so it's impossible to have a password on that system).

I can not figure out how to get it configured the same way on my new CentOS5 system. I created the user, deleted the user's password, added the user to the Samba Users list, and still no go.

Can someone please provide a bit of assistance on this???

I'd like to add to this and also post the smb.conf as requested.

I was just testing further and found that a user, apape, has read access to some shares (data, and mp3) yet not write access, and this user does not have any access to another share (rosanne). The user apape is in the following groups: apape, rmusel, root. Also the user apape has no access to their own home directory.

To further add to this, the user rmusel has read access to data and mp3 as they should. This user has no access to rosanne nor their own home directory.

Clearly something is off on my permissions, I just do not know what. I have the same share settings as I did in the RH9 system and everything there worked perfectly.

Here's what is in my smb.conf file.

Code:
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba-share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================
 
[global]
 
# ----------------------- Netwrok Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
workgroup = apape.net
server string = Samba Server Version %v
 
netbios name = Warehouse
 
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.
hosts allow = 192.168.12. 127.
 
# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach
 
# logs split per machine
log file = /var/log/samba/%m.log
# max 50KB per log file, then rotate
max log size = 50
 
# ----------------------- Standalone Server Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
 
security = user
passdb backend = tdbsam
 
username map = /etc/samba/smbusers
null passwords = yes
 
 
# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
 
 
; security = domain
; passdb backend = tdbsam
; realm = MY_REALM
 
; password server = <NT-Server-Name>
 
# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
; security = user
; passdb backend = tdbsam
 
; domain master = yes
; domain logons = yes
 
# the login script name depends on the machine name
; logon script = %m.bat
# the login script name depends on the unix user used
; logon script = %u.bat
; logon path = \\%L\Profiles\%u
# disables profiles support by specifing an empty path
; logon path =
 
; add user script = /usr/sbin/useradd "%u" -n -g users
; add group script = /usr/sbin/groupadd "%g"
; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
; delete user script = /usr/sbin/userdel "%u"
; delete user from group script = /usr/sbin/userdel "%u" "%g"
; delete group script = /usr/sbin/groupdel "%g"
 
 
# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
local master = no
; os level = 33
; preferred master = yes
 
#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.
 
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
 
; dns proxy = yes
dns proxy = no
 
# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option
 
; load printers = yes
cups options = raw
 
; printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
; printcap name = lpstat
; printing = cups
 
# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares
 
; map archive = no
; map hidden = no
; map read only = no
; map system = no
; store dos attributes = yes
 
 
#============================ Share Definitions ==============================
 
[homes]
comment = Home Directories
browseable = no
writeable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
 
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
; guest ok = no
; writeable = no
printable = yes
 
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no
 
 
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
; [Profiles]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes
 
 
# A publicly accessible directory, but read only, except for people in
# the "staff" group
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
 
# This shares rosanne for read/write access to all members of the group
# rmusel and forces the ownership of all files written to this directory
# to be owned by user rmusel and group rmusel
 
[rosanne]
comment = Rosanne's Directory
path = /rosanne
writeable = yes
guest ok = yes
; printable = no
write list = @rmusel
force group = rmusel
force user = rmusel
 
# This one shares the /mp3 directory to all users therefore
# allowing all machines on the internal network to access music.
[mp3]
comment = MP3 Server
path = /mp3
writeable = yes
guest ok = yes
; printable = no
read list = rmusel, player
create mask = 774 # sets -rwxrwxr-- permission
 
# This one shares the /data directory to members of the apape group for
# read/write access and to all other users for read access only.
[data]
comment = Data directory
path = /data
guest ok = yes
writeable = yes
; printable = no
write list = @apape
create mask = 774 # sets -rwxrwxr-- permission
 
Old 06-11-2008, 05:03 AM   #2
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
It's probably SELinux - try it with it off

setenforce 0

and if that works, put it back on (setenforce 1), then read the SELinux notes in your config
 
Old 06-12-2008, 06:04 PM   #3
djsting
LQ Newbie
 
Registered: Jun 2008
Posts: 16

Original Poster
Rep: Reputation: 0
It does appear as though SELinux is in part the issue.
I just found some additional info! It looks like Samba is alright, it's SELinux that is the issue. Without disabling it all together, how do I resolve this? Yes, I know that there's a line there stating how to fix it...that's only for this one file though, I need this resolved for ALL files already on the file server as well as ALL files that will be placed on it in the future. Here's the info from the SELinux Troubleshooter log.

Summary
SELinux is preventing samba (/usr/sbin/smbd) "rename" to New Text Document.txt (root_t).

Detailed Description
SELinux denied samba access to New Text Document.txt. If you want to share this directory with samba it has to have a file context label of samba_share_t. If you did not intend to use New Text Document.txt as a samba repository it could indicate either a bug or it could signal a intrusion attempt.A

llowing Access
You can alter the file context by executing chcon -R -t samba_share_t New Text Document.txt

The following command will allow this access:chcon -R -t samba_share_t New Text Document.txt

Additional Information
Source Context: system_u:system_r:smbd_t
Target Context: system_ubject_r:root_t
Target Objects: New Text Document.txt [ file ]
Affected RPM Packages: samba-3.0.25b-1.el5_1.4 [application]
Policy RPM: selinux-policy-2.4.6-106.el5_1.3
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.samba_share
Host Name: warehouse.apape.net
Platform: Linux warehouse.apape.net 2.6.18-53.1.21.el5 #1 SMP Tue May 20 09:34:18 EDT 2008 i686 i686
Alert Count: 6
Line Numbers:
Raw Audit Messages :
avc: denied { rename } for comm="smbd" dev=dm-0 egid=500 euid=500 exe="/usr/sbin/smbd" exit=-13 fsgid=500 fsuid=500 gid=0 items=0 name=4E6577205465787420446F63756D656E742E747874 pid=11516 scontext=system_u:system_r:smbd_t:s0 sgid=0 subj=system_u:system_r:smbd_t:s0 suid=0 tclass=file tcontext=system_ubject_r:root_t:s0 tty=(none) uid=500
 
Old 06-12-2008, 06:13 PM   #4
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Guessing a bit here, but let's see how we go. Assume the directory you are working on in /smb

#chcon -t samba_share_t /smb

and either

#chcon -t samba_share_t /smb/*

or

#restorecon /smb

I think that should fix both current and future problems.

If not, you can turn SELinux off for samba with setsebool -P spamd_disable_trans 1

Last edited by billymayday; 06-12-2008 at 06:15 PM. Reason: Added content
 
Old 06-12-2008, 06:27 PM   #5
djsting
LQ Newbie
 
Registered: Jun 2008
Posts: 16

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by billymayday View Post
Guessing a bit here, but let's see how we go. Assume the directory you are working on in /smb

#chcon -t samba_share_t /smb

and either

#chcon -t samba_share_t /smb/*

or

#restorecon /smb

I think that should fix both current and future problems.

If not, you can turn SELinux off for samba with setsebool -P spamd_disable_trans 1
A couple questions..can you please tell me what each of the above *con commands does? How will this fix issues with any new files placed on the shares?

I know nothing about SELInux.
 
Old 06-12-2008, 06:49 PM   #6
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
I'm no expert either, but manage to work within it. See http://fedoraproject.org/wiki/SELinux for a great resource on the whole concept.

From the samba config (or at least mine)

Quote:
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba-share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
Edit - you can check the context of any dile/directory prior to changing it with the -Z argument to ls (ie ls -lZ gives long format with context)

Last edited by billymayday; 06-12-2008 at 06:50 PM.
 
Old 06-12-2008, 10:15 PM   #7
djsting
LQ Newbie
 
Registered: Jun 2008
Posts: 16

Original Poster
Rep: Reputation: 0
Looks like everything with SELinux is all good now. Although I do still have an issue with access to one share. The /data and /mp3 are working perfectly (even with SELinux turned on) as best as I can tell, even my Mame system with the user that has no password is working now! On the other hand the /rosanne share will not allow any access by any user (even rmusel who is the owner) what so ever!

In case anyone asks what the ownership of this directory is, here it is:

drwxr-xr-x 6 rmusel rmusel 4096 Jun 7 23:35 rosanne

So as you can see the ownership is correct as is the set up in the smb.conf to the best of my knowledge. Any thoughts/ideas how to resolve this?
 
Old 06-12-2008, 11:47 PM   #8
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Try

setsebool -P spamd_enable_home_dirs 1

if you are talking about /home/rosanne
 
Old 06-13-2008, 09:41 AM   #9
djsting
LQ Newbie
 
Registered: Jun 2008
Posts: 16

Original Poster
Rep: Reputation: 0
Nope, not talking about /home/rosanne talking about /rosanne and I've already enabled homes by using

setsebool -P samba_enable_home_dirs on

My smb.conf file is in my first post above if that would help any.
 
Old 06-13-2008, 04:03 PM   #10
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Not sure if this is the cause, but you're setting a goup level write list, but the group doesn't have write permissions to the directory. I know you are forcing the use, hence my doubt.

I'd still try either setting write list = rmusel or chmod'ing g+w to /rosanne and see what happens.

Anything in the logs?

Also - is /rosanne on the same partition as the other working shares?

Check ls -lZ /rosanne as well
 
Old 06-14-2008, 09:58 AM   #11
djsting
LQ Newbie
 
Registered: Jun 2008
Posts: 16

Original Poster
Rep: Reputation: 0
The fact that /rosanne does not have write permission for the group should not matter especially since nobody even has read access. This directory is set up the same as the other shares which are working properly, below is the output of an ll command (as per the smb.conf the other shares are /data and /mp3):

Code:
[root@warehouse /]# ll
total 218
drwxr-xr-x   2 root   root    4096 Jun  7 18:51 bin
drwxr-xr-x   4 root   root    1024 Jun  8 14:46 boot
drwxr-xr-x  33 apape  apape   4096 Jun 12 20:47 data
drwxr-xr-x   2 root   root    4096 Jun  7 14:33 data2
drwxr-xr-x  12 root   root    4020 Jun  9 18:47 dev
drwxr-xr-x 111 root   root   12288 Jun  9 04:04 etc
drwxr-xr-x   6 root   root    4096 Jun  7 14:30 home
lrwxrwxrwx   1 root   root      50 Jun  4 17:38 jawt.h -> /usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/include/jawt.h
lrwxrwxrwx   1 root   root      59 Jun  4 17:38 jawt_md.h -> /usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/include/linux/jawt_md.h
lrwxrwxrwx   1 root   root      49 Jun  4 17:38 jni.h -> /usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/include/jni.h
lrwxrwxrwx   1 root   root      52 Jun  4 17:38 jni_md.h -> /usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/include/jni_md.h
drwxr-xr-x  14 root   root    4096 Jun  7 18:43 lib
drwx------   2 root   root   16384 Jun  4 17:11 lost+found
drwxr-xr-x   2 root   root    4096 Jun  5 22:02 media
drwxr-xr-x   2 root   root       0 Jun  8 16:52 misc
drwxr-xr-x   2 root   root    4096 Mar 29  2007 mnt
drwxr-xr-x 467 apape  apape  20480 Jun 12 20:47 mp3
drwxr-xr-x   2 root   root    4096 Jun  7 14:34 mp32
drwxr-xr-x   2 root   root       0 Jun  8 16:52 net
drwxr-xr-x   2 root   root    4096 Mar 29  2007 opt
dr-xr-xr-x 179 root   root       0 Jun  8 16:51 proc
drwxr-x---  19 root   root    4096 Jun 12 21:08 root
drwxr-xr-x   6 rmusel rmusel  4096 Jun  7 23:35 rosanne
drwxr-xr-x   2 root   root    4096 Jun  7 14:34 rosanne2
drwxr-xr-x   2 root   root   12288 Jun  9 04:04 sbin
drwxr-xr-x   4 root   root       0 Jun  8 16:51 selinux
drwxr-xr-x   2 root   root    4096 Mar 29  2007 srv
drwxr-xr-x  11 root   root       0 Jun  8 16:51 sys
drwxrwxrwt  13 root   root    4096 Jun 12 21:07 tmp
drwxr-xr-x  14 root   root    4096 Jun  4 17:27 usr
drwxr-xr-x  26 root   root    4096 Jun  4 17:49 var
[root@warehouse /]#
What log(s) would you like to see info from? Also, here's the output of an ls -lZ command as requested:

Code:
[root@warehouse /]# ls -lZ
drwxr-xr-x  root   root   system_u:object_r:bin_t          bin
drwxr-xr-x  root   root   system_u:object_r:boot_t         boot
drwxr-xr-x  apape  apape  root:object_r:samba_share_t      data
drwxr-xr-x  root   root   system_u:object_r:device_t       dev
drwxr-xr-x  root   root   system_u:object_r:etc_t          etc
drwxr-xr-x  root   root   system_u:object_r:home_root_t    home
lrwxrwxrwx  root   root   system_u:object_r:root_t         jawt.h -> /usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/include/jawt.h
lrwxrwxrwx  root   root   system_u:object_r:root_t         jawt_md.h -> /usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/include/linux/jawt_md.h
lrwxrwxrwx  root   root   system_u:object_r:root_t         jni.h -> /usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/include/jni.h
lrwxrwxrwx  root   root   system_u:object_r:root_t         jni_md.h -> /usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/include/jni_md.h
drwxr-xr-x  root   root   system_u:object_r:lib_t          lib
drwx------  root   root   system_u:object_r:file_t         lost+found
drwxr-xr-x  root   root   system_u:object_r:mnt_t          media
drwxr-xr-x  root   root   system_u:object_r:autofs_t       misc
drwxr-xr-x  root   root   system_u:object_r:mnt_t          mnt
drwxr-xr-x  apape  apape  root:object_r:samba_share_t      mp3
drwxr-xr-x  root   root   system_u:object_r:autofs_t       net
drwxr-xr-x  root   root   system_u:object_r:usr_t          opt
dr-xr-xr-x  root   root   system_u:object_r:proc_t         proc
drwxr-x---  root   root   root:object_r:user_home_dir_t    root
drwxr-xr-x  rmusel rmusel root:object_r:samba_share_t      rosanne
drwxr-xr-x  root   root   system_u:object_r:sbin_t         sbin
drwxr-xr-x  root   root   system_u:object_r:security_t     selinux
drwxr-xr-x  root   root   system_u:object_r:var_t          srv
drwxr-xr-x  root   root   system_u:object_r:sysfs_t        sys
drwxrwxrwt  root   root   system_u:object_r:tmp_t          tmp
drwxr-xr-x  root   root   system_u:object_r:usr_t          usr
drwxr-xr-x  root   root   system_u:object_r:var_t          var
You have new mail in /var/spool/mail/root
[root@warehouse /]#
 
Old 06-14-2008, 08:00 PM   #12
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Quote:
The fact that /rosanne does not have write permission for the group should not matter especially since nobody even has read access. This directory is set up the same as the other shares which are working properly
Not quite sure what you mean that nobody has read access. Anyone has read access at the OS level, and the supposed action of your share definition would be to give anyone in the rmusel group write access (which implies read btw). Samba can do some apparently odd things and allowing rights to a group that the directory won't allow may (and I stress may rather than will) could be the issue.

Things I'd try.

Change

"write list = @rmusel" to "write list = rmusel"

Try a definition you know works and adjust that, do something like

Code:
[roseanne]
comment = Copy of MP3 Server
path = /roseanne
writeable = yes
guest ok = yes
; printable = no
read list = rmusel
create mask = 774 # sets -rwxrwxr-- permission
Then add controls one by one

Also, you didn't answer the partition issue - is /roseanne on the same partition/moint point as /mp3? "mount" will tell you
 
Old 06-15-2008, 10:27 AM   #13
djsting
LQ Newbie
 
Registered: Jun 2008
Posts: 16

Original Poster
Rep: Reputation: 0
By 'nobody has access' I mean via Samba nobody has any access at all, not even to read the share. When anybody, even rmusel, attempts to access /rosanne from a Windows system via Samba they get an error something like '\\warehouse\rosanne not available....you may not have permission.....check with your administrator....the group name could not be found.'

After changing "write list = @rmusel" to "write list = rmusel" the same kind of error is being thrown as above (yes, I did restart the smb serveice after making the change).

The definitions for /rosanne are near identical to those of /data already. I'll do a chmod on /rosanne to 774 and see if that helps any.

Here's the output of the the mount command:

Code:
[root@warehouse /]# mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
You have new mail in /var/spool/mail/root
[root@warehouse /]#
 
Old 06-15-2008, 10:30 AM   #14
djsting
LQ Newbie
 
Registered: Jun 2008
Posts: 16

Original Poster
Rep: Reputation: 0
Update: I did chmod on /rosanne to 774 and am getting the same results.
 
Old 06-15-2008, 04:56 PM   #15
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Did you try a revised share definition as suggested?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba Config/Permissions tntcoder Linux - Networking 1 06-19-2006 10:54 PM
Samba domain member server (DMS) group permissions in network with a Samba PDC srosa Linux - Networking 0 05-01-2006 06:55 PM
Webmin cannot handle Samba config files that use the config or include directives allelopath Linux - Networking 3 01-18-2005 10:36 AM
SAMBA says 'Samba Server is not accebile, you might have no permissions' Ahmad Gurchani Linux - General 1 01-01-2005 11:34 AM
possible samba config problem or network config issue? rruffin Linux - Networking 3 06-03-2003 05:04 PM


All times are GMT -5. The time now is 08:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration