LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 08-17-2011, 07:49 AM   #1
sourabhmaggo
LQ Newbie
 
Registered: Aug 2011
Posts: 5

Rep: Reputation: Disabled
SAMBA Permissions issue


Hello guys,

I am newbie for linux. Actually i am looking to create SAMBA server. Samba is working fine but i am having problems in SHARE permissions. I have created an share named "Infosystems" and multiple samba users "admin" and "test" and "test1", "test2" and so on. The mode for Infosystem share is 777 for root user.

In smb.conf i have created entry as:

[InfoSystem]
comment = InfoSystem
path = /home/InfoSystem
public = yes
browseable = yes
writable = yes
valid users = admin,test,test1,test2
create mask = 0660
Directory mask = 0770

The create mask and directory mask entry i had done by one of the thread of this forum.

http://www.linuxquestions.org/questi...roblem-408177/

I want my admin user to have all the rights on files and directories being created in INFOSYSTEM share, but all other users must have only read permission and write permission. But i am not able to do so.

Can anyone help me out in this matter.
 
Old 08-17-2011, 11:26 AM   #2
Annielover
Member
 
Registered: May 2011
Location: Belgium
Distribution: Ubuntu Server Edition, Fedora 16
Posts: 90

Rep: Reputation: 8
First of all you can't have "public = yes" in a share that requires authentication... "public = yes" is a synonym for "guest ok = yes", and guests are incompatible with "valid users".
Make root owner of the shared folder typing
Code:
sudo chown root:users [PATH_TO_SHARED_FOLDER]
Change "create mask = 0660" to "create mask = 0665"
 
Old 08-17-2011, 07:59 PM   #3
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 7,639

Rep: Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445Reputation: 1445
Here's the most useful Samba reference I've found:

http://www.samba.org/samba/docs/Samba3-ByExample.pdf
 
Old 08-18-2011, 12:13 AM   #4
sourabhmaggo
LQ Newbie
 
Registered: Aug 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
To Annielover

This is the result of ownership on INfoSystem folder. I think root is the owner of this folder.

drwxrwxrwx. 7 root root 4096 Aug 18 10:33 InfoSystem

In addition i have chnged my smb.conf file according to your said as:

[InfoSystem]
comment = InfoSystem
path = /home/InfoSystem
# public = yes
browseable = yes
writable = yes
valid users = admin,test,test1,test2
create mask = 0665
Directory mask = 0770

and then restarted the samba service. But still when i am accessing the samba share in windows by my IP address and using credentials of admin user. And when i created an folder then this folder is not accessible by any other samba user like test, test1 and test2. I want this type of permission that my admin user will be only allowed to delete the new folders being created and other users can only access and write on these folders but cant delete any file from the subfolders within the INFOSYSTEM share.

Thanks.
 
Old 08-18-2011, 01:36 AM   #5
Annielover
Member
 
Registered: May 2011
Location: Belgium
Distribution: Ubuntu Server Edition, Fedora 16
Posts: 90

Rep: Reputation: 8
Can you access the samba share using root account en create a folder as you did before? Then login into your server and post a long list using
Code:
ls -l
of the content of the INfoSystem folder?
 
Old 08-18-2011, 06:29 AM   #6
sourabhmaggo
LQ Newbie
 
Registered: Aug 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Annielover thanks for ur responses but still i am facing problem.

Hey look i have created an samba share as CISPL and its status is as :

drwxr-xr-x. 8 root root 4096 Aug 18 15:17 CISPL

In addition i created following shares within CISPL and their status by default is as:

drwxr-xr-x. 2 root root 4096 Aug 18 15:17 BD
drwxr-xr-x. 2 root root 4096 Aug 18 15:16 Corporate
drwxr-xr-x. 3 root root 4096 Aug 18 16:30 InfoSystem
drwxr-xr-x. 2 root root 4096 Aug 18 15:17 Marketing
drwxr-xr-x. 2 root root 4096 Aug 18 15:17 Operation
drwxr-xr-x. 2 root root 4096 Aug 18 15:17 Trainee

My smb.conf file is as :

[CISPL]
comment = CISPL
path = /CISPL
valid users = admin
read only = No

[Corporate]
comment = Corporate
path = /CISPL/Corporate
valid users = admin, rakesh, arghya, triveni
read only = No

[Marketing]
comment = Marketing
path = /CISPL/Marketing
valid users = admin, rakesh, arghya, triveni
read only = No

[BD]
comment = BD
path = /CISPL/BD
valid users = admin, rakesh, amitsharma, arghya
read only = No

[Operation]
comment = Operation
path = /CISPL/Operation
valid users = admin, rakesh, amitsharma, arghya
read only = No

[InfoSystem]
comment = InfoSystem
path = /CISPL/InfoSystem
valid users = admin, sourabh, tayyab, arghya
read only = No

[Trainee]
comment = Trainee
path = /CISPL/Trainee
valid users = admin, pooja, shubhi, arghya, tayyab, sourabh
read only = No

My first level security is working fine as only valid users are able to access the specific directory.
Now i am moving for 2nd level security that i want only root user to create folders within these shares but valid users can neither create new folder in these share nor they can delete folders created by root user. Now this is default policy that when we create new folder from root it give 755 mask to that folder.
For eg i created Asset folder in Infosystem samba share. and its ownership is as:

drwxr-xr-x. 2 root root 4096 Aug 18 16:48 Assets

Now my 2nd level security is also completed that i am unable to create new folder in INFOSYSTEM share from some valid user other than root. I can access the folder ASSETS created by root but i am not able to delete or write in this folder. Delete is ok i dont want even any valid user to delete the file other than root but i want valid user to atleast write in ASSET directory but i am not able to do so. Just help me out in this 3rd level of security u can say. Hope to get the solution ......
 
Old 08-19-2011, 02:42 PM   #7
Annielover
Member
 
Registered: May 2011
Location: Belgium
Distribution: Ubuntu Server Edition, Fedora 16
Posts: 90

Rep: Reputation: 8
Actually, I don't understand a part of your story: you want only root users to create new folders within the shares, right? And then your saying that other users cannot create folders in the shares, but that's okay, no? You only wanted root to be able to create new folders, right?

And indeed, if we look at the ASSESTS folder, only root has full control and other users can only read/write. Because you set the mask to 0755. If you change the mask to 0777, then other users are also able to write in that folder.

Now, you can change the user rights of the assests folder using
Code:
chmod
So i.e.
Code:
sudo chmod -R 777 Assests
 
Old 08-19-2011, 11:25 PM   #8
sourabhmaggo
LQ Newbie
 
Registered: Aug 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Yup right you understood it that i want only root user to create new directories within the shares with valid users able to read/write in these folders created by root, they should not be able to delete any file.

Exactly i want to say that i will create only specific folders within the INFOSYSTEM share. For eg. suppose i will create 2 folders ASSETS and IT POLICIES. Now i want each and every valid user to only work in these directories. Means they can write and read from these 2 directories ASSETS and IT POLICIES but they can't delete from these 2 directories ASSETS and IT POLICIES. In addition neither they can create any directory in INFOSYSTEM share other than these 2 directories created from root user.
 
Old 08-20-2011, 12:13 AM   #9
sourabhmaggo
LQ Newbie
 
Registered: Aug 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
As per your said i have chmod the ASSETS directory to 777. Now valid user is able to read and write from the ASSETS directory. But he is also able to delete the work done by other valid user in same ASSET directory. I just want the creater to delete his own work.

Last edited by sourabhmaggo; 08-20-2011 at 02:11 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Issues with Samba server (Permissions issue) jdw52 Linux - Server 1 02-26-2009 02:58 AM
permissions issue with Samba and CentOS 5.2 hotrock3 Linux - Networking 4 01-10-2009 08:59 PM
Samba Permissions Issue... I'm So Close, Please Help! balzack Debian 11 02-21-2006 08:53 AM
Another samba permissions issue... but at least I searched! gauge73 Linux - Networking 11 08-05-2005 06:32 PM
Samba shares permissions issue jamespetts Linux - Software 19 04-19-2003 02:51 AM


All times are GMT -5. The time now is 01:46 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration