LinuxQuestions.org


mandyapenguin 01-16-2012 12:52 PM

Write permission for group in samba share
 
Hi all,
I want to create a Samba share for a group, with write permission for the group members, so that users can edit each other's files. For that I created folders with the permissions below:
Code:

ls -l /samba/
total 12
drwxrws--- 3 kumar sambashare 4096 2012-01-16 23:33 kumar
drwxrwxrwx 2 root  root      4096 2012-01-16 23:43 public
drwxrws--- 4 roopa sambashare 4096 2012-01-16 23:50 roopa

Here I have enabled the SGID permission for the kumar and roopa folders and have also set the umask to 002 in the /etc/profile file. Now if those users create files and folders in each other's directories after logging into the Linux server, the default permissions will be 775 for folders and 664 for files. So it is working fine. But if they create files and folders from the Windows machine, the files and folders do not get write permission for the group, even if they create them in their own directory. The permissions look like this for files and folders created from Windows PCs:
Code:

ls -l /samba/kumar/
total 12
drwxr-sr-x 2 kumar sambashare 4096 2012-01-16 23:33 kumar
drwxr-sr-x 2 kumar sambashare 4096 2012-01-17 00:10 new

ls -l /samba/kumar/kumar/
total 12
-rwxr--r-- 1 kumar sambashare 9867 2012-01-16 23:32 kumar.docx

Now roopa is unable to edit the kumar.docx file, while roopa is able to edit the files if kumar creates them on the Linux server.
So please help me to enable automatic group write permissions.
Here are the smb.conf file details:
Code:

[Public]
comment = Public Files
path = /samba/public
browseable = yes
guest ok = yes
read only = no
force user = admin

[Roopa]
comment = Personal Files
path = /samba/roopa
browseable = yes
guest ok = no
read only = no
valid users = roopa kumar

[Kumar]
comment = Personal Files
path = /samba/kumar
browseable = yes
guest ok = no
read only = no
valid users = roopa kumar

Please also find the smb.conf file attached, and kindly advise how I can enable automatic group write permission for new files and folders created by the users roopa and kumar.

sag47 01-16-2012 03:21 PM

What's your OS? Do you have SELinux enabled? If you have SELinux enabled what context are your shares?

If you don't know how to answer those questions then you need to run the following commands.

OS?
Code:

uname -a
cat /etc/issue

SELinux enabled?
Code:

getenforce

Security context?
Code:

ls -Z /samba/roopa

It should have samba_share_t context on the folders.

If you have SELinux installed then you'll want to read the following man page.
Code:

man samba_selinux

Also here's my global section in my smb.conf.
Code:

[global]
        workgroup = WORKGROUP
        server string = home
        netbios name = stealth
        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
        log file = /var/log/samba/%m.log
        log level = 0
        max log size = 150
        socket options = TCP_NODELAY
        preferred master = yes
        os level = 60
        time server = yes
        unix extensions = no
        wide links = yes
        veto files = /*.nws/riched20.dll/*.{*}/
        security = user
        passdb backend = tdbsam
        #username map script = /usr/share/hda-platform/hda-usermap
        large readwrite = yes
        encrypt passwords = yes
        dos charset = CP850
        unix charset = UTF8
        display charset =  LOCALE
        guest account = nobody
        map to guest = Bad User
        wins support = yes
        printer admin = root, @ntadmin, administrator

I usually enable the passdb to be tdbsam and then run the smbpasswd command to set/change a user's password. That separates your smb credentials from the local /etc/passwd credentials. Mind you, I run Samba with SELinux enabled on Fedora 16, so you likely have a different setup.

mandyapenguin 01-16-2012 08:15 PM

Hi... Thanks for the reply, sag47.
I am sorry, I forgot to mention the OS.
Code:

uname -a
Linux virtubuntu 2.6.38-8-generic #42-Ubuntu SMP Mon Apr 11 03:31:50 UTC 2011 i686 i686 i386 GNU/Linux

Code:

cat /etc/issue
Ubuntu 11.04 \n \l

Code:

getenforce
The program 'getenforce' is currently not installed.  You can install it by typing:
apt-get install selinux-utils

Code:

ls -Z /samba/roopa/
? kumar  ? test
ls -Z /samba/public/
ls -Z /samba/kumar/
? kumar  ? new  ? roopa

Samba is working fine. If roopa runs the command below in the Run window
Code:

\\ip_address_of_samba_server

from her Windows machine, she gets the public, roopa and kumar folders and can create her files and folders inside the kumar, roopa and public folders; likewise kumar can create his files and folders in those 3 folders from his Windows PC. But whenever they create them, the group write permission is not set on their files and folders.
But if roopa creates files and folders inside the kumar folder after logging into the Samba server, then those files and folders get the sambashare group with write permission enabled. That does not happen from the Windows PCs.
So please help me fix this problem.

deep27ak 01-16-2012 10:58 PM

I guess you have given the umask command from your shell,

but in Samba you need to specify the umask option in the conf file.

Code:

[Public]
comment = Public Files
path = /samba/public
browseable = yes
guest ok = yes
read only = no
force user = admin
create mask = 0775

[Roopa]
comment = Personal Files
path = /samba/roopa
browseable = yes
guest ok = no
read only = no
valid users = roopa kumar
create mask = 0775

[Kumar]
comment = Personal Files
path = /samba/kumar
browseable = yes
guest ok = no
read only = no
valid users = roopa kumar
create mask = 0775


mandyapenguin 01-17-2012 09:24 PM

Hi, thanks Deepak,
Code:

create mask = 0775

I added the above entry to the public, kumar and roopa sections.
Now roopa can create files and folders in the /samba/kumar folder, and kumar can create files and folders in the /samba/roopa folder, while normal users can do so only in the /samba/public folder.
But both are still unable to edit/create files/folders which belong to the other, even though those directories are owned by the sambashare group with write permission enabled. For example:
Code:

ls -l /samba/kumar/
total 16
drwxr-sr-x 2 kumar sambashare 4096 2012-01-18 08:27 kumar
-rwxrw---- 1 kumar sambashare 9869 2012-01-18 08:27 kumar.docx
-rwxrw---- 1 kumar sambashare    0 2012-01-18 08:28 kumar.txt

The kumar directory is created without write permission enabled whenever he creates it, so roopa is not able to create files and folders inside the /samba/kumar/kumar folder. She should be able to write to the kumar.docx and kumar.txt files, but she is unable to. But she can create her own files and folders inside /samba/kumar. The same thing is happening for kumar. All users (roopa, kumar and other users) are able to read and write others' files and folders in the /samba/public folder.
Code:

ls -ld /samba/
drwxrwxr-x 5 root root 4096 2012-01-16 23:23 /samba/

Code:

ls -l /samba/
total 12
drwxrwsrwt 3 kumar sambashare 4096 2012-01-18 08:28 kumar
drwxrwxrwx 5 root  root      4096 2012-01-18 08:02 public
drwxrwsrwt 4 roopa sambashare 4096 2012-01-18 08:29 roopa

roopa and kumar are still not able to edit/create files/folders in /samba/kumar/kumar/ and /samba/roopa/roopa respectively, even after changing the create mask to 0777. Please see the permissions below:
Code:

ls -l /samba/roopa/
total 8
drwxr-sr-x 2 kumar sambashare 4096 2012-01-18 08:28 kumar
drwxr-sr-x 2 roopa sambashare 4096 2012-01-18 08:30 roopa

ls -l /samba/roopa/roopa/
total 4
-rwxrw-rw- 1 roopa sambashare 0 2012-01-18 08:30 roopa.docx
-rwxrw-rw- 1 roopa sambashare 5 2012-01-18 08:30 roopa.txt

Here kumar is also not able to edit/create files/folders inside /samba/roopa/roopa/. But he can create his own files/folders only inside /samba/roopa.
But both can edit/create if they log in to the Linux box. Since I don't want to allow them onto the Linux server, I have given them the /usr/sbin/nologin shell. So they cannot log in to the server, but they can create files/folders by accessing the shared folders.
So please help me with what can be done to allow roopa to edit/create files/folders inside /samba/kumar/kumar, as well as kumar to edit/create files/folders inside /samba/roopa/roopa.

sag47 01-18-2012 08:17 PM

Hi, there is a separate mask for directories.

Code:

        create mask = 0775
        force create mode = 0775
        directory mask = 0775
        force directory mode = 0775

That's from my smb.conf.
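
Added example, not part of the original thread: a simplified Python model of how Samba derives the UNIX mode of a file or directory created from Windows (DOS attributes mapped to a base mode, ANDed with the mask, then ORed with the force mode), showing why `create mask` alone left new directories at `drwxr-sr-x`. The function names, the DOS-attribute mapping as written here and the `GROUP_ONLY` settings are assumptions of this sketch; the defaults are those documented in smb.conf(5).

```python
import stat

# DOS attribute bits a Windows client sends on create (SMB protocol values).
DOS_READONLY, DOS_DIRECTORY, DOS_ARCHIVE = 0x01, 0x10, 0x20

# smb.conf(5) defaults for the four parameters discussed in the thread.
DEFAULTS = {"create mask": 0o744, "force create mode": 0o000,
            "directory mask": 0o755, "force directory mode": 0o000}

def samba_mode(dos_attrs, share=None, parent_setgid=True):
    """Permission bits of a new file/directory (simplified model).

    Assumes map archive = yes (the default), no map hidden/system,
    no inherit permissions and no POSIX ACLs on the parent.
    """
    cfg = {**DEFAULTS, **(share or {})}
    mode = 0o666                          # read/write for everyone as a base
    if dos_attrs & DOS_READONLY:
        mode &= ~0o222                    # read-only attribute drops write bits
    if dos_attrs & DOS_DIRECTORY:
        mode |= 0o111 | stat.S_IWUSR      # directories: searchable, owner-writable
        mode = (mode & cfg["directory mask"]) | cfg["force directory mode"]
        if parent_setgid:
            mode |= stat.S_ISGID          # Linux copies setgid to new subdirectories
    else:
        if dos_attrs & DOS_ARCHIVE:
            mode |= stat.S_IXUSR          # map archive: archive bit -> owner execute
        mode = (mode & cfg["create mask"]) | cfg["force create mode"]
    return mode

def ls_mode(dos_attrs, share=None):
    """Render the result the way `ls -l` would show it."""
    kind = stat.S_IFDIR if dos_attrs & DOS_DIRECTORY else stat.S_IFREG
    return stat.filemode(kind | samba_mode(dos_attrs, share))

# Share settings to compare (constructed from the values posted in the thread).
MASK_ONLY = {"create mask": 0o775}
ALL_0775 = {"create mask": 0o775, "force create mode": 0o775,
            "directory mask": 0o775, "force directory mode": 0o775}
# Assumption, not from the thread: a tighter variant with no access for "other".
GROUP_ONLY = {"create mask": 0o660, "force create mode": 0o660,
              "directory mask": 0o770, "force directory mode": 0o770}

if __name__ == "__main__":
    for name, cfg in [("defaults", None), ("create mask only", MASK_ONLY),
                      ("all four = 0775", ALL_0775), ("group only", GROUP_ONLY)]:
        print(f"{name:18} file {ls_mode(DOS_ARCHIVE, cfg)}  dir {ls_mode(DOS_DIRECTORY, cfg)}")
```

Running it prints the `ls -l` style mode of a new file and a new directory under each configuration, with the parent directory assumed to carry the SGID bit as in the thread.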

deep27ak 01-18-2012 10:06 PM

Quote:

Originally Posted by mandyapenguin (Post 4577442)
Hi, thanks Deepak,
Code:

create mask = 0775

I added the above entry to the public, kumar and roopa sections.
Now roopa can create files and folders in the /samba/kumar folder, and kumar can create files and folders in the /samba/roopa folder, while normal users can do so only in the /samba/public folder.
But both are still unable to edit/create files/folders which belong to the other, even though those directories are owned by the sambashare group with write permission enabled. For example:
Code:

ls -l /samba/kumar/
total 16
drwxr-sr-x 2 kumar sambashare 4096 2012-01-18 08:27 kumar
-rwxrw---- 1 kumar sambashare 9869 2012-01-18 08:27 kumar.docx
-rwxrw---- 1 kumar sambashare    0 2012-01-18 08:28 kumar.txt


Is roopa a member of sambashare?
The above shows that kumar is the owner and that there is no permission for others, but for the sambashare group you have given write permission.

So you can give 0755, or I would say 1755 would be better.
Code:

#chmod -R 1750 /samba/kumar

Now only the owner will have write permissions, and the group can read your files but will not be able to make any changes.


And honestly, reading all of this is confusing me.
So it would be better if you could tell me in brief what type of permission implementation you are looking for.

mandyapenguin 01-19-2012 10:29 AM

Hi... Thank you, sag.
Code:

create mask = 0775
force create mode = 0775
directory mask = 0775
force directory mode = 0775

I added the above settings to the kumar, roopa and public sections. Now it is working fine. This is what I had expected: group members also need to edit, as well as delete, each other's files.
Code:

ls -lR /samba/kumar
/samba/kumar:
total 4
drwxrwsr-x 3 roopa sambashare 4096 2012-01-19 21:40 roopa

/samba/kumar/roopa:
total 16
drwxrwsr-x 2 kumar sambashare 4096 2012-01-19 21:41 kumar
-rwxrwxr-x 1 roopa sambashare 9865 2012-01-19 21:38 roopa.docx

/samba/kumar/roopa/kumar:
total 4
-rwxrwxr-x 1 kumar sambashare 16 2012-01-19 21:41 kumar.txt

Code:

ls -lR /samba/roopa/
/samba/roopa/:
total 8
drwxrwsr-x 2 kumar sambashare 4096 2012-01-19 21:43 kumar
drwxrwsr-x 3 roopa sambashare 4096 2012-01-19 21:41 roopa

/samba/roopa/kumar:
total 0

/samba/roopa/roopa:
total 8
drwxrwsr-x 2 kumar sambashare 4096 2012-01-19 21:42 kumar
-rwxrwxr-x 1 roopa sambashare  34 2012-01-19 21:42 roopa.txt

/samba/roopa/roopa/kumar:
total 8
-rwxrwxr-x 1 kumar sambashare 8168 2012-01-19 21:41 kumar.xlsx


mandyapenguin 01-19-2012 10:38 AM

Thanks Deepak,
Code:

#chmod -R 1750 /samba/kumar

Yes, you are correct. But one of the group members was also asking for write permission to others' files.
So I will make one more group and enable the sticky bit permission without write permission for the others in the group.

Once again, thank you both, and many thanks to the linuxquestions.org site.

