LinuxQuestions.org

carlosinfl 07-14-2008 01:57 PM

Samba Share Server Permission Help
 
I have a single server on my LAN that is a Samba file server [10.1.1.199].

This machine has 2 shares. One is the "it" share which I want authentication on. I don't want anyone to be able to access and/or browse this share unless you're a member of the "admin" group.

Then I have a second share which is called "perfwg" share which I want to be public and open to anyone (read or write).

Is this possible to do? Have one share authenticated and another share open?

Here is my smb.conf

Code:

# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

        security = user
        passdb backend = tdbsam


# A file share for the IDE I.T. Dept.
[it]
comment = I.T. Share
path = /share/it
public = no
writable = yes
browseable = yes
printable = no
create mask = 0770
directory mask = 0770
force group = admin

# A file share for the Performance WG.
[perfwg]
comment = Performance WG Share
path = /share/perfwg
public = yes
writable = yes
browseable = yes
printable = no
create mask = 0775
directory mask = 0775
security = share

I have the permissions for the /share folder that homes both the "it" & "perfwg" folders (shares)

Code:

[root@fback share]# ls -la
total 24
drwxrwx---  4 root admin 4096 Jul 14 14:30 .
drwxr-xr-x 24 root root      4096 Jul 11 10:58 ..
drwxrws---  6 root admin 4096 Jul 14 14:29 it
drwxrwxrwx  2 root root      4096 Jul 14 14:25 perfwg

Anyone know how to make this work?

allend 07-15-2008 08:35 AM

http://www.samba.org/samba/docs/man/...rols.html#ugbc

carlosinfl 07-15-2008 08:43 AM

Quote:

Originally Posted by allend (Post 3215141)

Thanks for the link. I am looking for the obvious entry to apply and I assume I need to add:

Code:

# A file share for the Performance WG.
[perfwg]
comment = Performance WG Share
path = /share/perfwg
public = yes
writable = yes
browseable = yes
printable = no
create mask = 0775
directory mask = 0775
guest ok = yes

Is that correct?

carlmarshall 07-15-2008 09:17 AM

Putting the line:

guest ok = yes

will allow anyone into the perfwg share without a password. However this will not stop authenticated users from accessing the it share. Add to the it share:

valid users = @itstaff

assuming that the I.T. staff are all members of the itstaff group, alternatively you can specify individuals e.g.:

valid users = fred mary joe ann

Carl.

carlosinfl 07-15-2008 09:46 AM

When I add the following to the perfwg share only:

guest ok = yes

I then restart Samba and when I try to access the share from a Windows XP machine, I am still prompted for a username & password.

I want the "perfwg" share to be an open share meaning that anyone w/o a shell account or an account on the Linux/Samba server can browse the share.
The "it" share however can only be accessed by people who have an actual Linux shell account on that box and also are members of the "admin" group.

Is this not possible?

carlmarshall 07-16-2008 03:50 AM

Here's how I have mine set which works fine and does what you seem to be after.

[public]
comment = Publicly Accessible Storage
path = /data/public
admin users = nobody
force user = allusers
force group = users
guest ok = yes

[private]
comment = Private Storage Area
path = /data/private
force user = allusers
force group = users
valid users = @admins

The system user "allusers" belongs to the system group of "users" and has rwx rights on the /data directory and the 2 subdirectories.

System accounts for the administrators belong to the "users" and the "admins" group.

Make sure you add smbpasswds for the administrators of course.

I did notice one anomaly though. If a member of the admins group has the wrong password, they can't access the public area either.

Carl.

carlosinfl 07-16-2008 07:01 AM

I guess I am just not understanding this...

I have two shares. Both shares are located in the /share/ directory.

Code:

drwxrwxrwx  4 root    root      4096 Jul 14 14:30 .
drwxr-xr-x 24 root    root      4096 Jul 11 10:58 ..
drwxrws---  6 root    ctia_admin 4096 Jul 14 14:29 it
drwxrwxrwx  2 allusers users      4096 Jul 14 14:25 perfwg

Now when I try to access the share from a Windows XP machine as \\server\perfwg - I am prompted for a username & password still. The /share directory has 777 access even though it is owned by root:root. Then the perfwg share (public) also has 777 and is owned by an account I created, "allusers:users".

I guess I am still missing something.
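
A configuration that gives the behaviour asked for in this thread, as an added example that is not part of any post above. It assumes Samba 3.x with `security = user`, the `admin` group from the first post, and `nobody` as the guest account; the `map to guest` line is the piece none of the posted configs contain.

```ini
# Added example, not from the thread. Group "admin" is taken from the first
# post; "nobody" as the guest account is an assumption.
[global]
        security = user
        passdb backend = tdbsam
        # The default is "Never": a client that presents an unknown username
        # is refused, so Windows keeps prompting even on a "guest ok" share.
        # "Bad User" maps unknown usernames to the guest account, while a
        # known username with a wrong password is still rejected (the
        # anomaly described in the 07-16 reply).
        map to guest = Bad User
        guest account = nobody

[it]
        comment = I.T. Share
        path = /share/it
        guest ok = no
        # Only members of the Unix group "admin" may connect; each of them
        # also needs a Samba password in the tdbsam backend.
        valid users = @admin
        writable = yes
        # "browseable" only controls whether the share name is listed;
        # set it to "no" to hide the share from the server's share list.
        browseable = yes
        create mask = 0770
        directory mask = 0770
        force group = admin

[perfwg]
        comment = Performance WG Share
        path = /share/perfwg
        # "public" is a synonym for "guest ok"; one of the two is enough.
        guest ok = yes
        writable = yes
        browseable = yes
        # All access runs as the guest account, so the directory must be
        # writable by it (for example owned by nobody, mode 0775).
        force user = nobody
        create mask = 0775
        directory mask = 0775
        # "security" is a [global]-only parameter, so the per-share
        # "security = share" line from the first post is dropped.
```

The filesystem has to agree with the share definitions: the guest account needs search (x) permission on `/share` to reach `perfwg`, which the `drwxrwx--- root admin` listing in the first post denies, and mode 0755 on `/share` is enough without making it world-writable. Running `testparm` after editing reports misplaced or unknown parameters before Samba is restarted.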

