LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 07-14-2008, 01:57 PM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,896

Rep: Reputation: 73
Samba Share Server Permission Help


I have a single server on my LAN that is a Samba file server [10.1.1.199].

This machine has 2 shares. One is the "it" share which I want authentication on. I don't want anyone to be able to access and or browse this share unless you're a member of the "admin" group.

Then I have a second share which is called "perfwg" share which I want to be public and open to anyone (read or write).

Is this possible to do? Have one share authenticated and another share open?

Here is my smb.conf

Code:
# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.

        security = user
        passdb backend = tdbsam


# A file share for the IDE I.T. Dept.
[it]
comment = I.T. Share
path = /share/it
public = no
writable = yes
browseable = yes
printable = no
create mask = 0770
directory mask = 0770
force group = admin

# A file share for the Performance WG.
[perfwg]
comment = Performance WG Share
path = /share/perfwg
public = yes
writable = yes
browseable = yes
printable = no
create mask = 0775
directory mask = 0775
security = share
I have the permissions for the /share folder that homes both the "it" & "perfwg" folders (shares)

Code:
[root@fback share]# ls -la
total 24
drwxrwx---  4 root admin 4096 Jul 14 14:30 .
drwxr-xr-x 24 root root       4096 Jul 11 10:58 ..
drwxrws---  6 root admin 4096 Jul 14 14:29 it
drwxrwxrwx  2 root root       4096 Jul 14 14:25 perfwg
Anyone know how to make this work?
 
Old 07-15-2008, 08:35 AM   #2
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,407

Rep: Reputation: 834Reputation: 834Reputation: 834Reputation: 834Reputation: 834Reputation: 834Reputation: 834
http://www.samba.org/samba/docs/man/...rols.html#ugbc
 
Old 07-15-2008, 08:43 AM   #3
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,896

Original Poster
Rep: Reputation: 73
Quote:
Originally Posted by allend View Post
Thanks for the link. I am looking for the obvious entry to apply and I assume I need to add:

Code:
# A file share for the Performance WG.
[perfwg]
comment = Performance WG Share
path = /share/perfwg
public = yes
writable = yes
browseable = yes
printable = no
create mask = 0775
directory mask = 0775
guest ok = yes
Is that correct?

Last edited by carlosinfl; 07-15-2008 at 08:46 AM.
 
Old 07-15-2008, 09:17 AM   #4
carlmarshall
Member
 
Registered: Jan 2004
Location: North Yorkshire, UK
Distribution: Centos 5
Posts: 133

Rep: Reputation: 16
Putting the line:

guest ok = yes

will allow anyone into the perfwg share without a password. However this will not stop authenticated users from accessing the it share. Add to the it share:

valid users = @itstaff

assuming that the I.T. staff are all members of the itstaff group, alternatively you can specify individuals e.g.:

valid users = fred mary joe ann

Carl.
 
Old 07-15-2008, 09:46 AM   #5
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,896

Original Poster
Rep: Reputation: 73
When I add the following to the perfwg share only:

guest ok = yes

I then restart Samba and when I try to access the share from a Windows XP machine, I am still prompted for a username & password.

I want the "perfwg" share to be an open share meaning that anyone w/o a shell account or an account on the Linux/Samba server can browse the share.
The "it" share however can only be accessed by people who have an actual Linux shell account on that box and also are members of the "admin" group.

Is this not possible?
 
Old 07-16-2008, 03:50 AM   #6
carlmarshall
Member
 
Registered: Jan 2004
Location: North Yorkshire, UK
Distribution: Centos 5
Posts: 133

Rep: Reputation: 16
Here's how I have mine set which works fine and does what you seem to be after.

[public]
comment = Publicly Accessible Storage
path = /data/public
admin users = nobody
force user = allusers
force group = users
guest ok = yes

[private]
comment = Private Storage Area
path = /data/private
force user = allusers
force group = users
valid users = @admins

The system user "allusers" beolongs to the system group of "users" and has rwx rights on the /data directory and the 2 subdirectories.

System accounts for the administrators belong to the "users" and the "admins" group.

Make sure you add smbpasswds for the administrators of course.

I did notice one anomaly though. If a member of the admins group has the wrong password, they can't access the public area either.

Carl.
 
Old 07-16-2008, 07:01 AM   #7
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Debian
Posts: 2,896

Original Poster
Rep: Reputation: 73
I guess I am just not understanding this...

I have two shares. Both shares are located in the /share/ directory.

Code:
drwxrwxrwx  4 root     root       4096 Jul 14 14:30 .
drwxr-xr-x 24 root     root       4096 Jul 11 10:58 ..
drwxrws---  6 root     ctia_admin 4096 Jul 14 14:29 it
drwxrwxrwx  2 allusers users      4096 Jul 14 14:25 perfwg
Now when I try to access the share from a Windows XP machine as \\server\perfwg - I am prompted for a username & password still. The /share directory has 777 access even though it is owned by root:root. Then the perfwg share (public) also has 777 and is owned by a account I created "allusers:users".

I guess I am still missing something.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba Printer Share = no permission SlowCoder Linux - Newbie 7 07-09-2007 08:23 PM
permission problem samba share 2nd suse server activeq Linux - Software 0 01-04-2007 07:30 AM
Samba - dont have permission to browse samba share. Scrag Linux - Software 4 11-28-2006 01:42 AM
Can't get RW permission on a mounted samba share darkangel12613 Linux - Software 6 08-31-2006 07:04 AM
Samba share permission issue cbekannan Linux - Security 4 03-11-2005 03:52 AM


All times are GMT -5. The time now is 02:49 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration