Troubleshoot permissions in a Samba share
I am having trouble setting read-only permissions for my kids account on my home server (running Samba). I have set-up a documents share that I want my wife and I to have "rw-" access to, but my children only "r--" access (so they don't delete stuff).
I have several users on two different WinXP machines (PC1 and PC2) in my house. They are set-up in the following groups (taken from /etc/groups):
The following is an excerpt from the Samba config file for the "flex-documents" share:
path = /var/flexshare/shares/documents
comment = Documents
create mask = 0664
force group = g-parents
public = yes
browseable = yes
writeable = yes
However, when I log into a windows machine under the username "children", I still have write access to this share! I don't want my kids to delete family pictures by mistake! What am I doing wrong with the permissions???
# A publicly accessible directory, but read only, except for people in
# the "staff" group
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @staff
so drop the force group and instead add write list = @g-parents
Works great, thanks. I no longer have write access to files I do not own when logged in as "children".
However, now I don't seem to have visibility to the contents of sub-directories when logged in as "children". For example, some share sub-directories have files in them, but these files are not visible when logged in as "children". They are only visible when logged in as "parents". Does this have something to do with "browseable" or "printable" options in Samba?
it's the browseable option
Okay, I played with the browseable option but I couldn't seem to get it to work. Instead I looked at the linux file permissions. I read somewhere that to access the contents of a directory, the user must have execute permission to the directory. Therefore I did a "chmod o=rx * -R -v" to the share. This recursively made ALL files and directories executable to "other" users (Not the best idea, but I don't know how to restrict the command to just directories). Anyway the contents of directories can now be accessed in the children account now.
Accordingly I changed the samba share create mask from "0664" to "0665".
I'm new to linux permissions. If someone can show me how to make just the directories executable, that would be appreciated.
Elaborate example follows:
None the less use the find comand at the root you require looking for type d(irectory)
ie find ./tester -type d
and use that in your chmod as the target for the chmod command
ie chmod 711 `find ./tester -type d`
NOTE those quotes are the charater under the tilde/~ (usually next to the 1)
SO the setup for the test:
Holy schniky! Thanks. But now that I have made every file and directory executable, how do I do the inverse of `find ./tester -type d`? That is, apply the chmod to every item other than directories.
Surely I can't say `find ./tester -type b c p f l s D` or is there a better way?
BANG ! :)
use a ! (not) to negate the type and invert the search request :)
|All times are GMT -5. The time now is 10:28 AM.|