Hi,
I need some help. I have a KDE 3.4 Server and 20 clients who access the shared folder in KDE 3.4. All the clients are Win XP. In my current configuration any user can access the files completely and can do modifications and delete the files but I want to provide authentication to few users who can have complete access and few who should have limited access.

I was thinking to use samba server for this but was not much sure about this. can anyone help me with this?

I want to know how i can give access to particular file or folder to a particular user?

How to add user so that the same user can access it in win xp client machine?

Looking forward for an early reply..

Anant

What version/distro of Linux are you using?? And have you checked any of the Samba how-to's and setup guides you can easily find with a Google search??

All of your questions are covered in those guides.
http://www.samba.org/samba/docs/man/...TO-Collection/

Samba is a great choice for your situation. It will allow you to do what you are looking for.

First things first, if you want authentication, each user you want to authenticate MUST have a linux account on the server. So create users on your server with the same user names they use in Windows and give them the same passwords too. You will then convert these users to Samba accounts. Here is an excellent guide that can help you better understand how to do this: (scroll to the "creating user accounts" section)

http://www.brennan.id.au/18-Samba.html

You mentioned you have a share that currently everyone has full rights to and you want to only allow full rights to those who authenticate, and allow read only permission to those who do not authenticate. If I am mistaken, please give more details on what you are trying to accomplish.

Let's say I have a folder on the server located at /fileServer/accounting. I would change the permissions on this to 1775. You can do this by running this command:

Having the 1 turns the sticky bit on (google this for further info) 7 = Owner has full control, 7 = group has full control, 5 = others have only read and execute permission. Next make sure you create a group and put each user you want to authenticate in that group. Let's say you create a group called finance. Change the ownership to root:finance by running this command:

For your smb.conf file your share would look something like this:

give that a try, most if this was off the top of my head so I may have missed a step...I'm sure someone will correct me on it if I did.

Rich

1 members found this post helpful.

Hi Rich,

Thank you so much for your help.

As i said earlier, I have 20 clients in my network who have windows xp OS. The files and folders are on Linux KDE Server. All users now have full access to all files and folders.

I want the following configuration:-

- NO USERS SHOULD BE ABLE TO DELETE ANY FILES OR FOLDERS.
- Few users should be able to read and modify.
- Few users should be able to only view.

Most important is we need to give write access to most of the users but they should be able to DELETE ANY OF THE FILES.

Please help me out with this. Its urgent. Thank you very much for your help again.

If it's urgent, then you probably should read the configuration guides/howtos that Rich and I gave you, since they give you all the information you need to get things going.

Also, if you're having a problem, please post it, but we're not going to write your configuration files for you. Even at that, what you're posting is vague..."few users"?? Meaning what/who? Defined how???

You're probably looking for Linux ACLs it sounds like. With ACLs, you can go beyond the standard owner, group, other wrx permissions. You can create custom permissions for certain groups and users. The commands you'll be looking into are setfacl (to set the acls for certain groups and users) and getfacl (to list the current acl setting.

customizing acls can be tedious but can net you the results you just asked for, specifically allowing certain groups/users custom permissions to a file or folder, read, write, execute, delete, etc...can all be controlled.

Some examples I pulled by googleing "linux setfacl":

setfacl -m user:hope:r-- myfile.txt - Adds one ACL entry to the file myfile.txt, which gives the user hope read permission only.

setfacl -m u:saj:r--,u:leander,jake:rw- tester.txt - The command can be read as follows: Modify (-m) the access control list on the file tester.txt by giving read-only access (r--) to user (u) saj and read-write access (rw-) to the users (u) leander and jake. Conversely, you can create a group by a name say 'mygroup' and add the users leander and jake to mygroup and set the acl for the file as follows: setfacl -m g:mygroup:rw- /home/ravi/tester.txt

setfacl -m u:lisa:r file Granting an additional user read access

setfacl -m m::rx file Revoking write access from all groups and all named users (using the effective rights mask)

getfacl file1 | setfacl --set-file=- file2 Copying the ACL of one file to another

getfacl --access dir | setfacl -d -M- dir Copying the access ACL into the Default ACL

@TB0ne, have you ever had to find a solution fast, like yesterday? I know I have, and I can generally find more info on these boards faster than reading the config files that some elitist programmer wrote 12 years ago Don't always jump to the conclusion that he didn't already read the man pages/guides, and even though it was a little vague, I didn't need any more info than what he already posted to see that he was needing help with ACLs.

First, pay attention to his posts. A five-day lull between them doesn't scream "URGENT". And if I'm in a hurry, I don't waste time hitting the forums/boards, because that takes MORE time than reading the docs for myself.

And talk about jumping to conclusions...what's that about Linux ACLS??? You do realize that when you authenticate to Samba, via Windows, that some of what you posted, won't work, right?

Thank you so much Rich for you help...!!!

@TB0ne: I am new samba server configuration. I need to do this configurations for one of my client. I am a Professional Ethical Hacker and Penetration Test Engineer. I do trainings on IT security courses. Well no comments on what you said.

Thank you so much for your help too...!!!


@Rich: I am still working on it. As I have many commitments, Its difficult for me to take out time. But I have already dedicated time and working on it. Will get back to you if i stuck somewhere

Thank you again...!!!

TBOne, you may be right about the ACLs and Windows. Why not suggest a solution?

I did when I posted the link to the Samba documentation, where ACL's are covered. Re-typing what's already in there is a waste of time.

For your Linux users, lets say we create a folder called tech.

# mkdir tech
# chown root:tech tech - changes the owner to root, and group to tech
# chmod 0750 tech - this sets it so owner (root) has full access, and everyone in group tech has read/execute (limited access)
# chmod g+s tech - this sets the flag to s, which sets the gid
# setfacl -d -s g:techAdmin:rwx tech - this makes it so all users of group techAdmin can write to the share.
# setfacl -m group:techadmin:rwx tech/ - not sure why this needed to be there as the above code I though would take care of it. if anyone knows why, please post in the comments.



FOr Windows users, here's the samba share:

[tech]
comment = Tech department only
#inherit acls = Yes
path = /mnt/tech
guest ok = no
browseable = yes
read only = No
writeable = Yes
create mode = 0750
directory mode = 0750
force group = tech
write list = @techAdmin
valid users = @tech

This will allow all users in the group tech to read/execute and allow all users in the group techAdmin to read/write/execute.

Setting it up this way will allow users of the same group to create, modify, delete files within the tech directory. This also prevents the problem whereupon one user will create a file and automatically takes owner of it so others cant edit it.

Rich